Microsoft is finally cracking down on Office Macros, an automation feature that hackers have been using for years to spread malware.
The company today announced that it will by default block Visual Basic application macros contained in files retrieved from the Internet. The change will roll out to five Office apps, including Access, Excel, PowerPoint, Visio and Word, for Windows devices in early April.
Macros have long been used to distribute malicious files on Windows computers. A generic macro can let you automate a range of tasks with a single command. But in the wrong hands, a malicious macro can be rigged to automate a Windows computer to download malware.
As a result, hackers have favored macros in phishing email attacks involving Office documents. People who open documents and run macros will inadvertently download malware to their computers, which can also pave the way for ransomware packages.
Microsoft is well aware of the threat, but it has left it up to IT administrators to determine how aggressive to be with macro-blocking. Microsoft also added an alert bar when opening Office documents containing macros. But users can easily be tricked to bypass it with a single click.
On Tuesday, Microsoft indicated that security measures are not enough to deter hackers. “To protect our customers, we need to make it more difficult to enable macros in files retrieved from the Internet,” the company wrote in a blog post.
“For macros in files retrieved from the Internet, users will no longer be able to enable content with the click of a button,” Microsoft said. “A message bar will appear to inform users along with a button to know more. The default is more secure and is expected to protect more users, including home users and information workers in managed organizations. ,
Users who click the “Learn More” button will be taken to a Microsoft article that explains the danger of malicious macros. The same article will also contain instructions on how to run the macro when the user thinks the file is safe. This involves re-saving the file to the local hard drive, going into the file’s properties, and manually unblocking the document.
Microsoft said that default macro blocking will begin to appear in version 2203 of Microsoft 365, which is expected to arrive in early April. “At a future determined date, we plan to make this change in Office LTSC (Long Term Serving Channel), Office 2021, Office 2019, Office 2016 and Office 2013 as well,” the company said.