Microsoft turns off Excel 4.0 macros by default, because they’re mostly used for malware

Microsoft turns off Excel 4.0 macros by default, because they’re mostly used for malware

The first version of Microsoft Excel was released 35 years ago, and we’ve all learned a bit more about computer security since then. The first iteration of Excel macros could call on and execute other programs on a computer, which was helpful in the early days of number-crunching, but at this point it’s mostly just an attack vector for malware in corporate environments. After years of security problems, Excel no longer runs older macros by default.

Excel 4.0 macros, also known as XLM macros, have been commonly used to distribute malware in corporate environments. In most cases, a document sent to a work email asks the recipient to click the ‘Enable editing’ and ‘Enable content’ buttons in Excel for the malware to run. Microsoft already allowed administrators to turn off XLM macros by default (or even block them entirely), but Bleeping Computer reports the company is flipping the switch for everyone.

Excel 4.0 macro

XLS document with an Excel 4.0 macro (Source: Bleeping Computer)

Excel 4.0 macros allowed complex automation and workflows within Excel documents, but were not containerized and had full access to the computer’s applications and the Win32 API on Windows. Excel 5.0 included Visual Basic for Applications (VBA) as a new option for writing macros (ranked as the most dreaded programming language by Stack Overflow’s surveys in 2020), which has more limitations to prevent security problems, but support for original macros is still available in the latest versions of Excel to avoid breaking documents.

Bleeping Computer reports that XLM macros are disabled by default in Excel version 16.0.14527.20000 and newer, which rolled out in October in the Current Channel and December in the Monthly Enterprise Channel. The Semi-Annual Enterprise Channel (Preview) and Semi-Annual Enterprise Channel will receive the change in March and July, respectively.

This doesn’t completely rip out support for older macros, it only shows a security warning with an ‘Enable content’ prompt. Many administrators already had the security warning enabled, but (non-malware) usage of XLM macros has seemingly decreased to the point where Microsoft is adding an extra roadblock. Excel 4.0 macros were never available in the web or mobile versions of Excel.

About author

Corbin Davenport
Corbin Davenport

Corbin is a tech journalist and software developer. Check out what he's up to at

We are reader supported. External links may earn us a commission.