Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizen Coje_He for the clue delivery! CTOnews.com, January 30 (Xinhua)-- Microsoft will block the Excel XLL plug-in on the Internet from March, so as to prevent the phishing plug-in from endangering users' computer security.

Microsoft said in the Microsoft roadmap that in order to combat the increasing number of malware attacks in recent months, it will prevent Excel from installing XLL add-ons from the Internet for desktop users around the world from March 2023.

Security researchers say that after Microsoft began blocking Visual Basic for Application (VBA) macros by default in Word, Excel and PowerPoint from July 2022 to cut off popular attack routes, threat groups began using other options, such as LNK files and ISO and RAR attachments.

In December 2022, Cisco's Talos threat Intelligence team detailed another tool targeted by cybercriminals: the Excel XLL file. Talos researchers say the use of XLL files has increased dramatically since Microsoft turned off VBA macros by default.

CTOnews.com learned that the XLL file is a DLL file that is opened only in Excel and can add more functionality to Excel in the form of plug-ins. When a user opens a file with an .XLL extension in Windows File Explorer, the system automatically attempts to launch Excel and open the file with a warning about possible dangerous code, similar to the warning displayed when opening an Office document that contains VBA macro codes.

However, the average user will ignore this warning, giving criminals a chance.

According to researchers at HP Wolf Security, the number of attackers using these files to compromise the system increased by 588% in the fourth quarter of 2021 compared with the same period a year earlier.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.