Microsoft is rolling out a new security feature that will block VBA macros obtained from the internet by default for five Office apps that run macros, helping to prevent malware deployments to unwitting end users.
In a Tech Community blog, the company says this default setting impacts Access, Excel, PowerPoint, Visio and Word, and only affects Office on devices running Windows.
The change will begin rolling out in Version 2203, starting with Current Channel (Preview) in early April 2022. The change will then be available in the other update channels, including Current Channel, Monthly Enterprise Channel and Semi-Annual Enterprise Channel.
The company will also make this change in the future to Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013.
This move goes a step further than simply presenting users with a notification bar to warn them about these macros, but users could still decide to enable them by clicking a button, Microsoft says.
“Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access,” the company writes in the blog.
With the new default setting, if a user opens an attachment for downloads from the internet an untrusted Office file containing macros, a message bar will explain that the file contains Visual Basic for Applications (VBA) macros obtained from the internet that have been blocked.
Users can click the “Learn More” button to read an article about the security risk of macros and safe practices, as well as instructions on how to enable these macros by saving the file and removing the Mark of the Web (MOTW), which is an attribute added to files when it is sourced from an untrusted location.
Microsoft recommends that IT admins preemptively enable a policy that automatically blocks macros from running in Office files from the internet. If they do, they won’t be affected by the default change.
“We will continue to adjust our user experience for macros, as we’ve done here, to make it more difficult to trick users into running malicious code via social engineering while maintaining a path for legitimate macros to be enabled where appropriate via Trusted Publishers and/or Trusted Locations,” says Tristan Davis, Partner Group Program Manager, Office Platform.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply