Microsoft to block Office VBA macros by default


Microsoft is finally planning to block Visual Basic for Applications (VBA) macros by default in a variety of Office apps. The change will apply to Office files that are downloaded from the internet and include macros, so Office users will no longer be able to enable certain content with a simple click of a button.

“The default is more secure and is expected to keep more users safe including home users and information workers in managed organizations,” explains Kellie Eickmeyer, a principal PM at Microsoft.

Hackers have been abusing Office documents with malicious macros for years, and while Office has long prompted users to click a button before macros run, this simple button could lead to “severe including malware, compromised identity, data loss, and remote access.” Instead of a button, a security risk banner will appear with a link to a Microsoft support article, but no easy way to enable macros.

Microsoft’s new security banner.
Image: Microsoft

Microsoft is planning to preview the change with its Current Channel (Preview) users in early April, before rolling out to its regular Microsoft 365 customers. The change to block VBA macros from the web will affect Access, Excel, PowerPoint, Visio, and Word on Windows. Microsoft also plans to update Office LTSC, Office 2021, Office 2019, Office 2016, and even Office 2013 to block internet VBA macros.

This is a big change that could impact a lot of genuine use cases for VBA macros, and it means that Office users will only be able to enable the macros by specifically ticking an unblock option on the properties of a file. That’s a lot more steps than usual, and ones that Microsoft is hoping will help prevent security issues in the future.

“Macros account for about 25 percent of all ransomware entry,” explains security researcher and former Microsoft employee Kevin Beaumont. “Keep derisking macros and macro functions. It’s really important. Thank you all the people behind the scenes doing this.” Marcus Hutchins, a security researcher best known for halting the global WannaCry malware attack, also celebrated Microsoft’s changes but noted the company has “decided to do the bare minimum” after years of malware infections.

