Microsoft blocking VBA macros by default in various Office Apps

Microsoft blocking VBA macros by default in various Office Apps

The feature was being used by hackers to export malicious software via Microsoft Office files downloaded from the net through macros.

Microsoft has announced that it will disable macros written in Visual Basic Applications by default in a number of Office applications. The change will affect Office files that contain macros and are downloaded from the internet; thus, Office users will no longer be able to access specific material with a simple click of a button.

While macros were designed to aid in the automation of specific processes in Office documents, attackers have long used macros in email attachments as a virus distribution tool. Malicious macros in Office documents accounted for 45 percent of all malware distribution strategies, according to a Cofense analysis from 2018.

In a blog post today, Microsoft acknowledged the problem, noting that “bad actors transmit macros in Office files to end-users who mistakenly enable them,” allowing malicious payloads to be delivered. “Malware, compromised identity, data loss, and remote access can all have serious consequences,” Microsoft added.

Hackers have been using pernicious macros in Office documents for years, and while Office has long asked users to click to allow macros to execute, this simple button might lead to “serious consequences,” including malware, compromised identity, data loss, and remote access. A security risk banner will appear instead of a button, with a link to a Microsoft support article but no quick method to activate macros.

Microsoft’s new security banner

Microsoft mentioned the many issues that security professionals are now experiencing, including cloud migrations, securing remote workers, and the ongoing pandemic, in announcing the future intention to disable all macros by default.

 “We need to make it more difficult to enable macros in files downloaded from the internet for the protection of our customers,” Microsoft wrote in the blog post. As a result, “VBA macros downloaded from the internet will now be prohibited by default,” according to the business. The change will affect the three most commonly used Office applications, Word, Excel, and PowerPoint, as well as Access and Visio. “Users will no longer be able to enable content with a click of a button for macros in files downloaded from the internet,” Microsoft warned. “The default is more secure, and it should keep more people safe, including home users and information workers in managed enterprises,” says the company. Microsoft intends to test the upgrade with Current Channel (Preview) users in early April before making it available to all Microsoft 365 subscribers. Access, Excel, PowerPoint, Visio, and Word on Windows will

be affected by the change to restrict VBA macros from the web. Microsoft also aims to restrict online VBA macros in Office LTSC, Office 2021, Office 2019, Office 2016, and even Office 2013.

This is a significant move that might have an important impact on many legitimate VBA macro use cases, as it implies that Office users will only be able to activate macros by clicking an unblock option on the file’s settings. That’s a little extra step than normal, and Microsoft is hoping they’ll help avoid security breaches further.

“Macros account for roughly 25% of all ransomware entry,” says Kevin Beaumont, a security researcher and former Microsoft employee. “Derisk macros and macro functions as much as possible. It’s quite crucial. Thank you to everyone who worked behind the scenes to make this happen.” Marcus Hutchins, a security researcher best recognised for stopping the worldwide WannaCry ransomware assault, praised Microsoft’s adjustments but observed that after years of malware infections, the corporation has “chosen to perform the bare minimum.”

Provided that VBA macros have been a threat to Office users for many years, disabling macros by default is a great step that took Microsoft far too long to complete.

Add a Comment

Your email address will not be published.