Microsoft is reversing its decision to block Office macros by default


A Microsoft Word document with a malicious macro embedded as part of an IRS-themed malware campaign. Image credits: Microsoft.


Microsoft has said it still plans to block Visual Basic for Applications (VBA) macros by default in Office applications after quietly rolling back a planned change last month.

VBA macros are lines of code that allow users to automate routine processes, such as collecting data or performing certain tasks, in Microsoft Office applications. While this makes them a handy business tool, especially in accounting and finance, macros have long been popular among cybercriminals, who until recently could easily inject a malicious macro into a document to deliver malware through email attachments.


In February, Microsoft announced, much to the delight of the cybersecurity community, that it would soon block VBA macros obtained from the Internet from running by default. The change, which Microsoft says will “prevent users from unintentionally opening files from the Internet that contain macros,” was due to go into effect in June. But, as noted by BleepingComputer, Microsoft quietly rolled back this change on June 30, citing unspecified “user feedback”.

Microsoft faced a flurry of angry comments in Reddit threads and on social media lamenting the change in attitude. But the software giant has since confirmed that the unexpected reversal was only temporary, adding that it is “fully committed” to blocking internet macros by default.

“Following user feedback, we have temporarily rolled back this change while we make some additional changes to improve usability. This is a temporary change, and we are fully committed to making the changes the default for all users,” said Kellie Eickmeyer, general product manager at Microsoft, in a blog post update.

Microsoft said in a blog post that users can still block internet macros by changing certain Group Policy settings.
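As an added example (not from the article or from Microsoft's blog post), the following PowerShell audit reports whether the per-user policy "Block macros from running in Office files from the Internet" is set for each Office application. It assumes Office 2016 or later, which uses the `16.0` registry key, and that the policy is delivered to the `HKCU` policy hive; the list of applications checked is an assumption of this example.

```powershell
# Added example: audit the Group Policy value that blocks macros in
# Office files that came from the Internet.
# Assumptions: Office 2016+ / Microsoft 365 Apps (version key 16.0),
# policy applied per user under HKCU:\Software\Policies.
$apps      = 'Word', 'Excel', 'PowerPoint', 'Access', 'Visio'
$base      = 'HKCU:\Software\Policies\Microsoft\Office\16.0'
$valueName = 'blockcontentexecutionfrominternet'

$report = foreach ($app in $apps) {
    $key   = Join-Path $base "$app\Security"
    $value = $null

    # A missing key or value means the policy is not configured.
    if (Test-Path -Path $key) {
        $value = (Get-Item -Path $key).GetValue($valueName, $null)
    }

    if ($null -eq $value) {
        $state = 'Not configured: application default applies'
    }
    elseif ($value -eq 1) {
        $state = 'Enabled: internet macros blocked by policy'
    }
    else {
        $state = 'Disabled: users can enable internet macros'
    }

    [pscustomobject]@{
        Application = $app
        PolicyValue = $value
        State       = $state
    }
}

$report | Format-Table -AutoSize

# Return a non-zero exit code when any application lacks the block,
# so the check can be used in a compliance script.
$missing = @($report | Where-Object { $_.PolicyValue -ne 1 })
if ($missing.Count -gt 0) { exit 1 }
```

Run it in the context of the user whose policy is being checked; the setting itself is best deployed through Group Policy rather than by writing the registry value directly.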

TechCrunch asked Microsoft how it plans to improve usability and when macro blocking will take effect, but a spokesperson did not immediately comment.

The move to macro blocking by default seemed to work until Microsoft canceled it last month. A recent Emotet test campaign observed by cybersecurity firm ESET suggests attackers may already be ditching macro-based attacks given Microsoft’s plans to block VBA macros by default. Emotet, the infamous botnet used by cybercriminals to send spam, is already replacing Microsoft Word documents with a shortcut file as the malicious attachment.

HP Wolf stated in May that it had also seen an increase in attackers turning to non-Office formats as Microsoft began blocking macros, including a fourfold increase in the use of Java archive files.


Credit: techcrunch.com
