Historically, malicious Office macros have been the equivalent of email’s phishing attempts, launching malware at the click of a user’s mouse. Microsoft said Monday that it’s finally clamping down on this security vulnerability, blocking Visual Basic (VBA) macros by default.
To date, Microsoft has warned users about the dangers of untrusted macros, but allowed users to download and run them by manually approving them. Now, untrusted macros will be blocked by default within Access, Excel, PowerPoint, Visio, and Word for any file downloaded from the Internet. The change will roll out to Microsoft’s Current Channel of these Microsoft 365 apps beginning in April, and applied later to the other update channels, too. This is the warning message you’ll see if Microsoft blocks an untrusted VBA macro.Microsoft
“At a future date to be determined, we also plan to make this change to Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013,” Microsoft added in a blog post Monday.
Apps like Excel can run scripts and other “active content” to automate processes and import data from outside sources. VBA can be a source of great power for Excel pros. The problem is that without downloading these macros from a trusted source, there’s really no way of telling of what they’re downloading, or what actions that code will take.
Microsoft has recognized the security issues associated with macros for some time. “The enduring appeal for macro-based malware appears to rely on a victim’s likelihood to enable macros. Previous versions of Office include a warning when opening documents that contain macros, but malware authors have become more resilient in their social engineering tactics, luring users to enable macros in good faith and ending up infected,” the company wrote in 2016.
Technically, the block will apply to macros downloaded from the Web, with what Microsoft calls with the Mark of the Web applied. The macro will still be loaded if the file comes from a trusted location, or if the macro is digitally signed, with the security certificate supplied to the user. The macro will also run if the user had previously opened the file, before this change in default behavior, and had selected Enable content from the Trust Bar, according to a Microsoft support document. In that case, the macro is considered to be trusted. That support document also details how enterprises can manage macros by policy.
Microsoft has previously put in protections in place to help manage macros, and it’s unclear whether those protections will still be in place. For example, Microsoft announced Application Guard in 2019, as a way to sandbox untrusted spreadsheets and other documents. The idea is that if an untrusted document contained malware, it would be isolated from your PC. Microsoft representatives did not immediately respond to a request for comment. https://www.pcworld.com/article/612522/microsoft-will-block-office-vba-macros-by-default.html
Login to add comment
Other posts in this group
In another blow for Intel’s “Arrow Lake” or Core Ultra 200S platform,
DOOM 2016 is one of my favorite shooters, and a big part of
Cleaning a swimming pool ranks right up there with scrubbing bathroom
Both my parents grew up in the computer industry of the 1970s and 80s
I’ve been using Shokz bone conduction, open-ear headphones for years—
It pains me to admit this as an Android fanboy all the way back to th
Devices need security updates to stay safe. That’s probably not news
