Microsoft will block Excel add-ins that are loaded via the Internet

Microsoft will block the ability to load add-ins from the internet into Excel. According to the company, this option has been increasingly abused in recent months to spread malware.

Microsoft writes in a roadmap that it will block add-ins in Excel from the Internet from March. These are XLL files that can be used to add extra functionality to the spreadsheet software. Add-ins, unlike add-ons, do not need to be installed as an executable file. They can be loaded directly at the same time as Excel itself. This is certainly problematic with Microsoft 365 products, because Excel can be used online. This only applies to Excel; with other Office applications, such as Word, only admins can load add-ins.

According to Microsoft, this poses a security risk. For example, an XLL add-in can be loaded into Excel from different sides. This can be done via phishing websites, but also via e-mail. Furthermore, an XLL can be programmed to execute code on a system and cause relatively high damage.

According to Microsoft, there has been an increase in malware spread through add-ins in recent months, but the company provides few specific details. “Due to the increasing number of malware attacks in recent months, we are implementing measures to block XLL add-ins coming from the Internet,” Microsoft wrote. From that moment on, it is only possible to load add-ins from the local system.