Microsoft is going to make malware distribution via Office macros difficult

Microsoft is going to make it difficult for users of Microsoft Office apps to enable VBA macros. The change will take effect in April and will affect all Office files downloaded from the web. VBA macros are used to automate operations but are also widely abused to distribute malware.

An easy target

VBA ( Visual Basic for Applications ) macros are used to automate operations. For example, you can now perform an action that normally requires you to click 10 times with one push of a button. Handy for both the seasoned professional and the everyday user. Most users are therefore not surprised to activate macros in files. This happens even though this button is shown next to a warning at the top of the file.

The problem is that hackers send a file that looks like an innocent Word document. But after opening and allowing macros, the file can run all kinds of malicious code without further user intervention. For example, an employee who opens an attachment of a normal-looking e-mail can cause many problems.

New alert

Previously, a warning was also shown and the file was only opened in read-only mode. In this mode, no changes can be made and no macros are run. Unfortunately, the warning also contains a button to activate macros anyway. Many users click this without realizing the risks, for example, because they want to edit the file.

From now on, the blocking goes one step further, because macros will be blocked by default. In addition, the warning now shows a button that leads to more information about the danger of unknown macros, instead of a button that allows the function anyway. This makes it many times more difficult for criminals to get a foot in the door of a (company) network.

What if you do need macros?

Of course, there are also legitimate reasons to use macros. Users will be able to activate macros based on a list of Trusted publishers and/or Trusted locations. This means that macros will only work if they are provided by a trusted organization or by a trusted, certified source.

Finally, it will be possible for IT administrators of companies and organizations to set via a policy that can or cannot access the macro function. For example, they can set up that data analysts and accountants can work with macros, but that employees who don’t need them can’t.

In addition, macros of Office files downloaded from the Internet can be automatically blocked. This prevents employees from accidentally activating a shadowy macro by downloading a file or opening an attachment.

As a regular user, if you are sure that the file is trustworthy, you can disable the lock via the properties of the file. The new default settings will be in effect from April 2022.

Catch up on more articles here

Follow us on Twitter here

Popular

Must read

MORE ON THIS TOPIC:

Related Posts