Microsoft will block Office macros by default from July 27, to fight ransomware and other malware

Microsoft confirmed this week that it will soon begin blocking Visual Basic Applications (VBA) macros by default in Office apps after quietly rolling back the change earlier this month.

In a new update, the tech giant said it will start blocking Office macros by default from July 27. This comes shortly after Microsoft halted the rollout of the macro blocking feature citing unspecified *user feedback*. The initial rollout, which began in early June, is thought to have caused problems for organizations using macros to automate routine processes, such as collecting data or completing certain tasks.

In a statement, Microsoft said it has paused the rollout while it makes some additional changes to improve usability. The company has since updated its documentation with step-by-step instructions for end users and IT admins on how Office determines whether to block or run macros, which versions of Office are affected by the new rules, how to allow VBA macros in trusted files and how to prepare for the change.

Quote Sent by Microsoft

VBA macros are a common way for malicious actors to gain access to deploy malware and ransomware. Therefore, to improve security in Office, we are changing the default behavior of Office applications to block macros in files from the Internet.

With this change, when users open a file from the Internet, such as an email attachment, and that file contains macros, the following message is displayed:

The button Learn more is an article for end users and information workers that contains information on the security risk of malicious actors using macros, safe practices to prevent phishing and malware, and instructions on how to enable these macros (if necessary).

In some cases, users also see the message if the file is from a location on your intranet that is not identified as trusted. For example, if users access files on a network share using the share’s IP address.

Macros are a popular attack vector among cybercriminals. As part of these attacks, users usually receive a document by e-mail or that they are asked to upload it to a website. when the victim opens the file, the attacker usually leaves a message asking the user to allow the execution of the macro. Although users with technical and cybersecurity knowledge are able to recognize this trap and still get infected with malware, many daily Office users are still unaware of this technique.

They then end up following the instructions provided, infecting themselves with malware. Handling this issue has been a thorn in Microsoft’s side, as VBA macros are often used in companies to automate certain operations and tasks when opening certain files, such as importing data and updating document content from dynamic sources. Since the early 2000s, Microsoft has tried to solve this problem by displaying a small security warning in the form of a toolbar at the top of the document.

But in February, Microsoft announced plans to disable macros by default in February to prevent malicious actors from abusing the feature to distribute malware via email attachments.

This change, demanded for years by security researchers, is seen as a serious barrier against malicious web actors who trick users into allowing an infected macro to run in order to install malware on their systems.

With this change, when files that use macros are downloaded from the Internet, those macros will now be fully disabled by default. Unlike older versions of Office, which display an alert banner that can be clicked to allow macros to run, the new version of the banner offers no way to enable them.

The cybersecurity industry therefore applauded the decision to block macros – and it seemed to be working until Microsoft’s decision to put a stop to it last month. ESET, for example, observed a recent Emotet test campaign which showed that malicious actors were already moving away from macro-based attacks in response to the change, instead replacing Microsoft Word documents with a shortcut file as an attachment. malicious.

Microsoft’s macro blocking feature will soon begin rolling out to Access, Excel, PowerPoint, Visio, and Word on Windows. The change will not affect Office for Mac, Android or iOS devices.

Source: Microsoft

And you?

What is your opinion on the subject?
Will this measure really reduce the risk of being infected with malware hidden in macros?

See as well

DINUM considers that Microsoft 365 does not comply with the Cloud strategy at the center of the French state, in a circular addressed to the secretaries general of the ministries
Microsoft Office 2021 will arrive in the second half of the year and will support dark mode, it will come in two versions and will be licensed for life for a single package
Microsoft launches Power Fx, a new low-code open-source programming language based on Excel
Microsoft is bringing JavaScript to Excel via a new API, to allow developers to create custom data types in Excel

Leave a Comment