Microsoft Launches Update That Blocks Macros By Default
JAKARTA – This week Microsoft began rolling out an update to Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros in downloaded documents. A macro is a set of commands that can be used to automate repetitive tasks, and can be executed when the user has to perform the task.
Last month, Microsoft was testing a new default setting when it suddenly canceled an update, "while we made some additional changes to improve usability." Despite saying it's temporary, many experts worry that Microsoft may not change the default settings, which makes the system vulnerable to attacks.
Google Threat Analysis Group leader Shane Huntley tweeted: "Blocking Office macros will do far more to actually defend against real threats than any threat intel blog post."
Now the new default settings are rolling out, but with an updated language to let users and administrators know what options they have when they try to open a file and the file is blocked.
This only applies if Windows, using the NTFS file system, logs it as downloaded from the internet and not a network drive or site that the admin has marked as safe, and doesn't change anything on other platforms like Mac, Office on Android/iOS, or Office on the web.
Microsoft:
We are continuing to roll out these changes in the Current Channel. Based on our review of customer feedback, we've made updates to our end-user and IT admin documentation to clarify what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share. Please refer to the following documentation:
- For end users, Potentially harmful Macros have been blocked
- For IT admins, Macros from the internet will be blocked by default in Office
If you've ever enabled or disabled the Block policy from running on Office files from the Internet, your organization won't be affected by this change.
While some people use scripts to automate tasks, hackers have been abusing the feature with malicious macros for years, to trick people into downloading files and running them to harm their systems.
SEE ALSO:
Microsoft noted how administrators can use Group Policy settings in Office 2016 to block macros across their organization's systems. However, not everyone activates it, and attacks continue, allowing hackers to steal data or distribute ransomware.
Users who try to open the file and are blocked will get a pop-up that sends them to this page, explaining why they may not need to open the document. It starts with running some scenarios where someone might try to trick them into running malware.
If they really need to see what's inside the downloaded file, it goes on to explain how to gain access, all of which is more complicated than what went before, where the user can usually activate a macro with the press of a button on the warning banner.
This change may not necessarily stop someone from trying to open a malicious file, but it does provide several layers of warning before they can get there while still giving access to people who say they really need it.