Excel Update to Fix XLL Download Risks in March: Here’s How to Stay Safe Until Then

Microsoft recently announced an update arriving in March that continues their ongoing fight against malware attacks via the Microsoft Office suite.



This update aims to take on bad actors who use XLL files to inject unintended software into victims’ systems. To stop the malicious attack, the update will block downloaded XLL files. Here’s everything you need to know.



What Are XLL Files?

An XLL file is an extended dynamic-link library that brings additional features created by Microsoft or third-party users into Microsoft Excel. In short, these Excel add-ins help add features like new ribbons, functions, and dialog boxes.

READ MORE  How to Open CSV Files with Excel

These files allow people to write code to extend the spreadsheet software’s native functionality.

What Changes Will the Update Bring?

As Microsoft announced, starting in March of this year, Excel will not be able to run XLL files downloaded from the internet. Unfortunately, this means third-party XLL files will no longer be compatible with Microsoft Excel.

This announcement came after several highly dangerous malware families changed their delivery methodology to exploit Excel’s behavior while running XLL files. The change will keep users safe from potential data theft and ransomware attacks.

How Can You Avoid Potential Security Issues?

The patch won’t be fully released until March of this year. In the meantime, avoid downloading and running any XLL files from random sites. When attempting to install any XLL file, the current behavior is the appearance of a pop-up dialog box with the option to install the file or ignore it.

READ MORE  Office for iPad arrives and it's free to download, but it's a catch


A dialog box with asking whether or not to install a .XLL file over top of Excel.

Always select the option not to install the file. The file won’t be executed until you choose to install it in that dialog. Treat any request to install custom XLL files, even from clients or coworkers, as suspicious, and report any such attempt to your company’s data security team immediately, if possible.

Ensure you update your copy of Excel as soon as the patch is released for safety.

READ MORE  Free business email address lists to download

XLL Files Pose a Serious Risk in Excel

The rise in malware attacks originating from XLL files can be traced to Microsoft’s decision last year to block VBA Macros by default in all their Office products. With one common avenue of injection closed off, malefactors determined to attack were forced to find exploits in other aspects of Office software.


XLL files can introduce a host of potential issues when they are run, including ransomware attacks, data theft, logging software, and more. These issues can quickly expand from ruining a single system to threatening a complete corporate infrastructure, so it’s crucial to prioritize system security by following Microsoft’s warning till the update arrives.

      Select your currency
      WinKeys
      Logo
      Register New Account