Microsoft Office is now blocking macros by default

Image depicting a hand on a scanner
(Image credit: Pixabay)

After previously postponing while it worked on enhancing usability, Microsoft has now finally started blocking macros from running on downloaded Office files. 

IT admins can now update their productivity suite and prevent their employees from running Visual Basic for Applications (VBA) macros in the same, simple and convenient way, they used to.

In an announcement following the rollout, Microsoft explained what “enhanced usability” actually meant, and it would seem that it came down to the language of the warnings:

Tightening up on security

“Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios,” Microsoft explained. “For example, what to do if you have files on SharePoint or files on a network share. Please refer to the following documentation: For end users, A potentially dangerous macro has been blocked; For IT admins, Macros from the internet will be blocked by default in Office.

If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change.”

The changes apply only on Windows. If its NTFS system recognizes a file as downloaded from the internet (as opposed to being accessed via a network, or a site labeled as safe by the admin), it will block the use of macros. Other platforms like Mac, Office on Android/iOS, or Office on the web, will not have any changes.

Macros have proved to be a nightmare for most IT security admins, and one of the best weapons for cybercriminals, for many years now.

While workers harness them to automate various tasks, crooks hijacked macros to trick victims into downloading malware, giving the threat actors unabated access to the target network. While these changes are no silver bullet for macro-powered attacks, they are expected to significantly cut down on successful attacks.

Via: The Verge

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.