2.2.4.7.2.8 (L1) Ensure 'Prevent Excel from running XLM macros' is set to 'Enabled'

Information

This policy setting will prevent Excel from running Excel 4.0 (XLM) macros. XLM macros were first added to Excel in 1992 and were disabled in Excel (Build 16.0.14427.10000) by Microsoft in 2021.

The recommended state for this setting is: Enabled

XLM is a macro format from the early nineties that was not built with security in mind. Macros can be easily exploited and are a favorite hiding place for malicious code. While newer builds of Excel disable XLM macros by default, this setting is still important to audit in order to confirm a secure state across all versions of Excel.

Solution

To establish the recommended state via configuration profiles, set the following Settings Catalog path to Enabled:

Microsoft Excel 2016\Excel Options\Security\Trust Center\Prevent Excel from running XLM macros

Impact:

This enforces the default behavior. Existing XLM macros will not function and should be migrated.

See Also

https://workbench.cisecurity.org/benchmarks/15808

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-7, 800-53|CM-7(1), 800-53|SI-7, 800-53|SI-7(1)

Plugin: Windows

Control ID: 0011d2c4981e675be586a53956c8643b20dfd03497c98123745869d908e474fd