Microsoft Office is finally making this vital security change across Excel, Word and more

Office
(Image credit: Shutterstock)

Microsoft has announced a significant security policy change, decreeing that users will soon no longer be able to activate VBA macros in certain documents from five of its most popular Office apps.

When it finally pulls the plug, users will no longer be able to run any VBA macros in Microsoft Word, Excel, Access, PowerPoint and Visio, for “untrusted” documents.

It seems that all files shared from outside the company network will be deemed “untrusted”, meaning all files coming from the same domain should still be able to keep their macros.

Macros - a super-useful liability

Macros are a big deal, for both businesses, and cybercriminals. 

They are usually used to automate various tasks, such as importing or updating data coming from third-party sources. But the problem is that they can easily be abused by malicious actors to distribute ransomware, malware, steal sensitive data, or for other nefarious deeds.

For years, cybercrime groups have been sharing macro-powered malicious Office documents, preying on gullible or exhausted workers. Payment receipts, warnings of failed payments, job offers, Covid-19 and vaccine information, are just some of the document types crooks would share to have people run macros and infect their endpoints.

Microsoft has tried to tackle the issue with a tentative solution - to disable the macros in downloaded files by default, and to leave the user with the option of activating it or not. 

However, as most people are not aware of the reason behind Microsoft’s decision to disable macros by default, they often end up enabling them after all. 

Now, after years of pleads by various cybersecurity firms and experts, Microsoft has finally bit the bullet and gone for the extreme option of killing macros altogether. 

The change is set to start in early April 2022, with Microsoft Office version 2203, which will be the public preview version.

Via: The Record

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Outlook
Dangerous Microsoft Outlook flaw could let hackers send out malware via email
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.
Microsoft is changing the way logins work: here’s what that means for you
A Microsoft Surface Laptop being shown at Microsoft's Copilot Plus PC Showcase
Microsoft is officially cutting support for Office apps on Windows 10, so update now
Phone scammer
Microsoft thinks it could stop this dangerous scam forever
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.
US government warns users to patch this critical Microsoft Outlook bug
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in Software & Services
A man sitting at his desk in the evening and using a desktop computer
Office 2021 vs Office 2024: is it time to upgrade?
Microsoft 365 Business app logos
Office 2024 LTSC vs Microsoft 365 Business: what are the differences?
Windows 11 Start menu layout choices: Grid view
Windows 11 vs Linux for business: which operating system should you embrace?
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.
Gmail vs Outlook for business: which email system is right for your organization?
Windows 11 logo
Windows 11 Pro vs Windows 11 Home: which version is right for you?
Canva HubSpot
HubSpot and Canva team up to level the creative playing field
Latest in News
Project Moohan prototype at Samsung Galaxy Unpacked, an XR goggles headset on display in a show area
Samsung's Android XR headset could avoid the Apple Vision Pro's biggest mistake, according to this leak
Rivian R1T
Big Rivian update delivers hands-off driving to rival Tesla Autopilot – and a new 'Rally' mode
The Samsung Galaxy S25 Edge, close up on the dual camera system, against a marbled background
The Samsung Galaxy S25 Edge is being tipped to come with a sweet Google Gemini deal
Matt Murdock and Kirsten McDuffie standing in a court room in Daredevil: Born Again
Daredevil: Born Again episode 3 contains another Marvel reference to Spider-Man, but it's got nothing to do with Tom Holland's Peter Parker
Man having Windows 11 problems with his laptop
Fed up of adverts creeping into Windows 11? You won’t like Microsoft’s latest update, then, although it does provide some important bug fixes
Apple Siri
Update your Apple device now: iOS 18.3.2 fixes a flaw that could be exploited by hackers