Following some back and forth, Microsoft this week began rolling out an update to Microsoft Office, which prevents VBA macros from being used on downloaded files.
When Microsoft tested the new default setting last month, it suddenly rolled back the update “temporarily while we make some additional changes to enhance usability.” Although Microsoft said it was temporary, many experts were concerned that Microsoft might not go through with changing the default setting.
In een tweet, Google Threat Analysis Group leader Shane Huntley said, “Blocking Office macros would do infinitely more to defend against real threats than all the threat intel blog posts combined.”
The new default setting is currently rolling out, but updated language alerts users and administrators to their options when a file is blocked.
It only applies to Windows, using the NTFS file system that notes it as downloaded from the internet and not a network drive or site administrators have marked safe. It does not affect other platforms like Mac, Office on Android / iOS, or Office online.
Even though some people use the scripts to automate tasks, hackers have exploited the feature for years with malicious macros, tricking people into downloading a file and executing it to compromise their computers.
Administrators can block macros across their organization’s systems using Group Policy settings in Office 2016. However, not everyone turned it on, so hackers were able to steal data and distribute ransomware.
When a blocked file is opened, a pop-up will explain why the user should not open it. As a first step, it discusses several scenarios in which someone might try to trick them into executing malware.
Usually, users could enable macros by pressing one button in the warning banner, but now users need to follow the instructions if they need to see what’s inside the downloaded file.
Although this change may not always prevent someone from opening a malicious file, it does provide several more layers of warning before they get there while still allowing access for those who must have it.