It’s been a bit of back and forth since then the change was first announcedbut this week, Microsoft began rolling out an update that blocks the use of Visual Basic for Applications (VBA) macros in documents uploaded to Microsoft Office.
Last month, Microsoft was testing the new default settings when it suddenly rolled back the update, “temporarily while we make some additional changes to improve usability.” Although it says it’s temporary, many experts worry that Microsoft won’t be able to change the default settings, leaving systems vulnerable to attacks. Shane Huntley, Head of Google’s Threat Analysis Group he tweeted“Blocking office macros would do more to defend against real threats than all the threat intel blog posts.”
The new default setting is now rolling out, but with updated language to alert users and administrators about what options they have when they try to open a file and it’s blocked. This only applies if Windows is using the NTFS file system, which marks it as downloaded from the internet, not a network drive or a site marked as safe by admins, and won’t change anything on other platforms like Office on Mac, Android /. Office on iOS or on the web.
We summarize the implementation of this change in the Current Channel. Based on our review of customer feedback, we’ve made updates to both our end-user and IT admin documentation to clarify what options you have for different scenarios. For example, what if you have files in SharePoint or on a network share. Please refer to the following documents:
• For end users, A potentially dangerous macro is blocked
• For IT admins, Macros from inothe internet will be blocked by default in Office
If you have ever enabled or disabled Block macros from running in Office files from the Internet policy, your organization will not be affected by this change.
While some people use scripts to automate tasks, hackers have been abusing this feature for years with malicious macros, tricking people into downloading a file and running it to compromise their systems. Microsoft noted how administrators In Office 2016, it can use Group Policy settings blocking macros in organizational systems. Still, not everyone turned it on, and attacks that allowed hackers to steal data or spread ransomware continued.
Users who try to open files and get blocked will get a pop-up sends them to this page, which probably explains why they don’t need to open this file. It starts with a few scenarios where someone might try to trick them into running malware. If they really need to see what’s inside the downloaded file, it goes on to explain how to gain access, which is more complicated than what happened before, where users could usually run macros by clicking a button on a warning banner.
This change may not always prevent someone from opening a malicious file, but it provides a few more layers of warning before they get there, while also giving access to people who say they absolutely need it.
