Microsoft puts a stop to Excel add-ins from the Internet

Martin Brinkmann
Jan 29, 2023
Microsoft Office

Attacks that use malicious Excel add-ins from the Internet have skyrocketed in recent times. Microsoft therefore plans to stop allowing them from March 2023 onwards.

Excel Add-ins

Excel add-ins from the Internet are a major threat to security. HP's Wolf Security Threat Insights Report for the fourth quarter of 2021 highlighted a 588% increase in Microsoft Excel add-in attacks compared to the previous quarter of the year.

HP's research team found information about Excel add-in dropper and malware kits on the dark web, which allow less experienced attackers to create malware campaigns that use the Excel add-on attack vector. A growing number of malware families is using Excel add-ons to spread.

Just last month, security experts at Cisco Talos published a threat spotlight about the use of malicious Excel add-ins by threat actors.

How Excel add-ins work

Excel add-in files, which have the .xll file extension, have been supported since Microsoft Excel 1997. Add-ins, which exist for other Office applications such as Word as well, are designed to enhance the functionality or the appearance of the application. They are provided as executable code and come in various formats.

Installation of add-ins is not identical across Office applications. Word add-ons, for example, need to be added specifically by an administrator. Excel add-ins, on the other hand, execute directly when a user double-clicks on the file name. Excel is launched directly when an Excel .xll file is loaded on a Windows machine.

A security message is displayed by Excel when an .xll file is about to be loaded into the application. Options to enable the add-in for the session or leave it disabled are provided.

XLL files may be distributed via email, on websites, chat messages, and other distribution options. Malicious Excel add-ins include event handling functions that are called when a document is opened or closed, or when other events happen. These allow the attacker to launch malicious macro code.

Excel: Blocking xll Add-ins from the Internet

Microsoft plans to block Excel add-ins from the Internet on all Office desktop and cloud platforms starting March 2023.

The company notes: "In order to combat the increasing number of malware attacks in recent months, we are implementing measures that will block XLL add-ins coming from the internet".

Excel add-ins from the local machine or those downloaded from within Excel using Insert > Add-ins > Get Add-ins are not blocked.
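For defenders who want to know which add-in files on a machine count as coming from the Internet, the following audit sketch is an added example, not code from Microsoft or from this article. Windows records a download's origin as the Mark of the Web in the file's `Zone.Identifier` alternate data stream; the function names are hypothetical, the sample stream contents are constructed, and treating zones 3 and 4 as "from the Internet" is an assumption.

```python
import configparser
import os

# URL security zones that Windows writes into the Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
UNTRUSTED_ZONES = {3, 4}  # assumption: these count as "from the Internet"

# Constructed sample stream bodies (not taken from real files).
SAMPLE_DOWNLOADED = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                     "HostUrl=https://example.test/report.xll\r\n")
SAMPLE_INTRANET = "[ZoneTransfer]\r\nZoneId=1\r\n"

def parse_zone_identifier(text):
    """Return the ZoneId from a Zone.Identifier body, or None if absent or malformed."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        parser.read_string(text.lstrip("\ufeff"))
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def read_zone_id(path):
    """Read a file's ZoneId on NTFS; None means no Mark of the Web is present."""
    try:
        with open(path + ":Zone.Identifier", "r",
                  encoding="utf-8", errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:  # no stream, non-NTFS volume, or non-Windows host
        return None

def is_internet_xll(filename, zone_id):
    """True for an .xll file whose zone marks it as Internet-origin."""
    return filename.lower().endswith(".xll") and zone_id in UNTRUSTED_ZONES

def audit(root):
    """Walk a directory tree and list .xll files carrying an untrusted zone."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".xll"):
                continue
            full = os.path.join(folder, name)
            zone = read_zone_id(full)
            if is_internet_xll(name, zone):
                findings.append((full, ZONES.get(zone, "Unknown")))
    return findings

if __name__ == "__main__":
    for path, zone in audit(os.path.expanduser("~")):
        print(f"{zone}: {path}")
```

An .xll file with no stream at all is reported as unmarked, which matches the article's point that add-ins from the local machine are not blocked.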

Ghacks Technology News



  1. Adelaide said on January 30, 2023 at 12:55 am

    LibreOffice add-ins, such as ShowNotes and AltSearch. Further, LibreOffice has an excellent guide for creating your own extension at “Add-in for Programming in LibreOffice Calc”, and there are tutorials, such as “Extending LibreOffice – Chapter 47. Calc Add-ins”. So, if I can’t find the extension I want, I can roll my own. Oh, and there is no cost, no need to register with a store, in most cases.

  2. Anonymous said on January 29, 2023 at 10:51 pm

    Yet Microsoft keeps bloating Windows 11 with crappy web-based nonsense hooked into the user shell.

  3. Milan said on January 29, 2023 at 4:43 pm

    The irony is that the best security addon is the one that prevents Microsoft from abusing their power against legitimate users. But just like big government, they always encroach on your privacy and restrict you under the excuse that “it’s for your safety.” It will take two weeks to flatten the curve… for your safety. Give us your guns… for your own protection. Give us your useful third-party addons… for your safety. lol 
