Microsoft rolls back essential security change for Office suite customers

Microsoft just did a weird backpedal. The publisher has canceled a change recently deployed on its Office suite (Excel, Word, Powerpoint), which was nevertheless unanimously welcomed by cybersecurity experts. This was the simple modification of the button that offered users enable macros » on documents downloaded from the Internet.

For years, the most active cybercriminal groups like Dridex, Emotet or Trickbot tricked their thousands of victims into downloading documents from the Office suite. Then, a simple click on this button activated a macro [une commande, ndlr] which initiated the download of malware. By removing the possibility for each user to make this error, Microsoft drastically increased the security of its customers against a whole section of cybercrime. But the publisher decided to go back, as the Bleeping Computer observed, creating a wind of discontent among cybersecurity professionals.

How Cybercriminals Hijack Microsoft Excel to Install Viruses

Backtracking justified by customer feedback

Microsoft announced the change Thursday, July 7 via Current Channel, its customer communication channel. The change to macro activation had just been deployed, between April and June. The publisher does not expand on the reasons for this hasty about-face, simply citing the customer feedback ».

The macro system allows users of the Microsoft Office suite automate certain tasks such as updating figures from a database or editing reports. We can therefore imagine that the marketing or commercial divisions of Office client organizations have encountered operational difficulties because of the change and have complained about it. At the expense of security teams.

The Bleeping Computer, however, reports the testimonies of many dissatisfied customers with the lack of communication on the subject. Security officials will have to reintroduce the necessary measures to manage the risks associated with the button enable macros », but they were not notified in advance of the rollback. Microsoft has not yet specified whether the backpedal was temporary or permanent.