It’s been a little back and forth since the change was originally announced; however, this week Microsoft began rolling out an update to Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros in downloaded documents.
Last month, Microsoft was testing the new default setting when it abruptly rolled back the update “temporarily while making some additional changes to improve usability”. Although it says it’s temporary, many experts worry that Microsoft might not change the default setting, leaving systems vulnerable to attacks. Shane Huntley, leader of the Google Threat Analysis Group, tweeted out: “Blocking Office macros do much more than all threat intelligence blog posts to truly defend against real threats.”
The new default setting is now rolling out, but with updated language to tell users and administrators what options they have when they try to open a file and it is blocked. The block only applies if Windows, using the NTFS file system, notes the file as downloaded from the internet and not from a network drive or site that administrators have marked as safe. Nothing changes on other platforms such as Mac, Office on Android, Office on iOS or Office on the web.
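As an added illustration (not code from Microsoft or from this article): on NTFS, Windows records a file's download origin in an alternate data stream named `Zone.Identifier` attached to the file. The Python example below parses that stream and reports the zone; the sample content, the function names and the verdict labels are constructed for this example.

```python
import configparser

# Windows URL security zones as recorded in the Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample of a downloaded file's Zone.Identifier stream.
SAMPLE = ("[ZoneTransfer]\r\nZoneId=3\r\n"
          "ReferrerUrl=https://example.test/\r\n"
          "HostUrl=https://example.test/files/report%20Q3.docm?id=1\r\n")


def parse_zone_identifier(text):
    """Return {'zone': int, 'host_url': str or None}, or None if malformed."""
    # interpolation=None: URLs contain '%', which configparser would
    # otherwise try to expand and reject.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        cp.read_string(text.lstrip("\ufeff"))
        zone = int(cp.get("ZoneTransfer", "ZoneId"))
    except (configparser.Error, ValueError):
        return None
    return {"zone": zone,
            "host_url": cp.get("ZoneTransfer", "HostUrl", fallback=None)}


def read_mark(path):
    """Read the stream from an NTFS file; None if the file carries no mark."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def motw_verdict(stream_text):
    """Classify by mark: no-mark, unparseable, internet, trusted-or-local."""
    if stream_text is None:
        return "no-mark"
    info = parse_zone_identifier(stream_text)
    if info is None:
        return "unparseable"
    # ZoneId 3 is the Internet zone; 4 (Restricted sites) is grouped with
    # it here as an assumption of this example.
    return "internet" if info["zone"] >= 3 else "trusted-or-local"


if __name__ == "__main__":
    print(motw_verdict(SAMPLE), parse_zone_identifier(SAMPLE))
```

On a Windows machine, `motw_verdict(read_mark(r"C:\path\to\file.docm"))` applies the same check to a real file; the path shown is a placeholder.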
We’re continuing to roll out this change on the current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and IT admin documentation to make it clearer what options you have for different scenarios. For example, what should you do if you have files in SharePoint or files on a network share. Please refer to the following documents:
• For end users, A potentially dangerous macro has been blocked
• For IT administrators, Macros from the internet will be blocked by default in Office
If you have enabled or disabled the Prevent macros from running on Office files from the Internet policy, your organization will not be affected by this change.
While some people use scripts to automate tasks, hackers have abused this feature for years with malicious macros, convincing people to download a file and run it to compromise their systems. Microsoft noted how administrators can use Group Policy settings in Office 2016 to block macros on their organization’s systems. Not everyone turned it on, though, and the attacks continued, allowing hackers to steal data or distribute ransomware.
Users who try to open files and are blocked will get a pop-up sending them to this page, which explains why they probably don’t need to open this document. It starts by going through a few scenarios where someone might try to trick them into running malware. If they really need to see what’s inside the downloaded file, it explains ways to gain access that are more complex than before, when users could usually enable macros with the push of a button in the warning banner.
This change may not always stop someone from opening a malicious file, but it does provide a few more layers of warning before they get there, while giving access to people who say they absolutely need it.