After previously procrastinating while working on usability improvements, Microsoft has finally started blocking macros (opens in a new tab) from running on downloaded Office files.
IT administrators can now upgrade their productivity suite and prevent their employees from running Visual Basic for Applications (VBA) macros just as easily and conveniently as before.
In a post-launch announcement, Microsoft explained what "improved usability" really means, and it seems to boil down to warning language:
security hardening
"Based on our review of customer feedback, we've updated our end-user and IT administrator documentation to clarify the options you have for different scenarios," Microsoft explained. “For example, what if you have files on SharePoint or files on a network share. See the following documentation: For end users, a potentially dangerous macro has been blocked (opens in a new tab); For IT administrators, Internet macros will be blocked by default in Office (Opens in a new tab).
If you have already enabled or disabled the Block execution of macros in Office files policy from the Internet policy, your organization will not be affected by this change.
The changes only apply to Windows. If your NTFS system recognizes a file downloaded from the Internet (instead of being accessible over a network or a site labeled safe by the administrator), it will block the use of macros. Other platforms such as Mac, Office on Android/iOS, or Office on the web will remain unchanged.
Macros have proven to be a nightmare for most IT security administrators and one of the best weapons of cybercriminals for many years.
While exploited by workers to automate various tasks, criminals have hijacked macros to trick victims into downloading malware, giving threat actors unhindered access to the target network. While these changes aren't a magic bullet for macro attacks, they should significantly reduce the number of successful attacks.
- Here's our list of the best antivirus solutions (opens in a new tab) right now
Via: The Verge (Opens in a new tab)