Microsoft disables Excel 4.0 macros in Office 365 in the coming weeks

Microsoft has notified users of Microsoft 365 subscriptions that they will be gradually disabling the execution of Excel 4.0 macros in Office 365 over the coming weeks for security reasons. Here's some information on the issue.


Old Feature from 1992, a security nightmare

Excel 4.0 macros are a relic, introduced in 1992 with Microsoft Excel 4.0. Users can insert macro commands directly into the cells of a spreadsheet and then have them executed (an example can be found here). It is also possible to save these Excel 4.0 macros in Excel macro files (.xlm files). Microsoft already introduced the ability to create and run macros as VBA code with Excel 5.0, and that is also the recommended approach, but support for Excel 4.0 macros was kept in all newer Office versions.

This became a problem because cyber criminals abused the mechanism to spread malware to user systems via Excel 4.0 macros. The actors behind TrickBot, Qbot, Dridex, Zloader, etc. rely on Excel 4.0 macros as the primary downloader for their malware. Security vendors and companies like VMware have been warning about this approach for quite some time, pointing to a heavy increase in this infection vector over the last two years.

Microsoft disables Excel 4.0 macros in Office 365

Users and administrators can disable Excel 4.0 macros from running in Office 365 in the Trust Center settings. Microsoft even recommends this in this support post. There are probably also group policies for this, although this approach probably has some pitfalls because not all policies are available in all Office versions.

Excel 4.0 macros will be disabled in Office 365

It now seems to me that Microsoft is pulling the plug for Office 365 due to the increasing abuse of Excel 4.0 macros. It is reported here that Microsoft has informed its Microsoft 365 customers via email that this feature has been disabled. A Twitter user made the information in question public in the above tweet. Microsoft is taking a three-step approach to better protect Office 365 customers by disabling the Excel 4.0 macros.


  • Those using Office 365 as Insiders in the Slow Channel will receive this deactivation adjustment between late October and early November 2021.
  • For Office 365 users receiving updates via the Current Channel, the Excel 4.0 macros will be disabled from early to mid-November 2021.
  • All users who are in the Office 365 Monthly Enterprise Channel (MEC) will receive the deactivation of Excel 4.0 macros in mid-December 2021.

Microsoft writes that users whose settings are managed via Group Policy, or who have customized the settings in the Trust Center accordingly, will not be affected by the above changes. Any users who have not yet received this adjustment or want to disable Excel 4.0 macros immediately can find instructions in this Techcommunity post.
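Before the change reaches a given update channel, it helps to know which workbooks still contain Excel 4.0 macro sheets. The following Python code is an added example, not from Microsoft or the original post: it inspects OOXML workbooks only (the zip-based formats such as .xlsm, not the legacy binary .xls) and reports macro sheet parts declared in `[Content_Types].xml`. The function names and the sample package are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
# Content types OOXML assigns to Excel 4.0 (XLM) macro sheet parts.
MACROSHEET_TYPES = {
    "application/vnd.ms-excel.macrosheet+xml",
    "application/vnd.ms-excel.intlmacrosheet+xml",
}
WORKSHEET_TYPE = ("application/vnd.openxmlformats-officedocument"
                  ".spreadsheetml.worksheet+xml")

def find_xl4_macrosheets(workbook_bytes):
    """Return part names of Excel 4.0 macro sheets in an OOXML workbook."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(workbook_bytes))
    except zipfile.BadZipFile:
        return []  # not an OOXML package (e.g. legacy binary .xls)
    with zf:
        names = set(zf.namelist())
        if "[Content_Types].xml" not in names:
            return []
        raw = zf.read("[Content_Types].xml")
        if b"<!DOCTYPE" in raw:  # OPC packages must not carry a DTD
            raise ValueError("DTD in [Content_Types].xml")
        hits = []
        for el in ET.fromstring(raw).iter("{%s}Override" % CT_NS):
            part = el.get("PartName", "")
            declared = el.get("ContentType", "").lower()
            # Count a part only if it is declared AND present in the archive.
            if declared in MACROSHEET_TYPES and part.lstrip("/") in names:
                hits.append(part)
        return sorted(hits)

def build_sample(macro_type=None):
    """Constructed minimal package for the demo, not a full workbook."""
    parts = {"/xl/worksheets/sheet1.xml": WORKSHEET_TYPE}
    if macro_type:
        parts["/xl/macrosheets/sheet1.xml"] = macro_type
    overrides = "".join('<Override PartName="%s" ContentType="%s"/>' % kv
                        for kv in parts.items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="%s">%s</Types>' % (CT_NS, overrides))
        for name in parts:
            zf.writestr(name.lstrip("/"), "<placeholder/>")
    return buf.getvalue()
```

Run `find_xl4_macrosheets(open(path, "rb").read())` over a file share to list the workbooks that would stop working, or that deserve a closer look, once the setting is off.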

But I had checked my Excel 2019 copy – the checkbox Enable Excel 4.0 macros when VBA macros are enabled shown above in the Trust Center (see also the Techcommunity post) is not there. Let's see if next Tuesday with the Office updates there will be a corresponding correction of the settings options. Currently the option is only available in Excel from Office 365.
