After a break in its application, Microsoft has decided to block VBA macros by default. The editor also takes the opportunity to test a feature in Windows 11 to counter brute force attacks on RDP.
A small pas de deux for Microsoft regarding the blocking of VBA (Visual Basic for Applications) macros by default. Last January, the Redmond firm announced that Excel 4.0 or XML macros will be automatically disabled. Then in early July, the publisher backtracked by deciding to re-enable VBA macros on Office documents following several user comments. The latter encountered difficulties in implementing this policy.
Eventually, Microsoft decided to re-enable the default blocking of VBA macros. In a post on the firm’s blog, Kellie Eckmeyer, Product Manager at Microsoft explains, “Following review of customer feedback, we have made updates to both our user and system administrators to clarify the options available to them for different scenarios. With this clarification, the firm “resumes the deployment of default blocking in Current Channel”, underlines the manager. A turnaround hailed by cybersecurity specialists. Indeed, hackers still use it to create documents that deploy malware or perform other malicious behavior by manipulating files in the local filesystem. Note that the deployment of this modification in the Current Channel will take place from July 27th.
Curbing Brute Force Attacks on RDP
In parallel with this decision, Microsoft announced another change to stem brute force attacks on RDP services. In test versions of Windows 11, a default account lockout policy is introduced to slow down intrusion attempts. Indeed, cybercriminals use automated tools to guess the password of an account. According to a tweet from Dave Weston, Vice President of Enterprise and OS Security at Microsoftthese tools are typically used by ransomware operators.
Concretely, the policy put in place within the Insider Preview (version 2258.1000 and more recent) of Windows 11 automatically blocks accounts for 10 minutes after 10 unsuccessful connection attempts. Users can modify this policy by changing the number of login attempts that trigger the lockout and the duration of the account lockout.