- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Microsoft rollback on macro blocking in Office sows confusion
Dive Brief:
- Microsoft is rolling back the February decision to block internet macros by default in Office so it can make the changes more user friendly, the company said in an update to an earlier blog post. Microsoft cited user feedback for the roll back.
- The change is temporary and Microsoft is “fully committed” to making the default change for all users, Kellie Eickmeyer, principal product manager at Microsoft, said in the blog.
- A number of security researchers raised questions about the decision and the limited amount of transparency Microsoft offered for the change.
Dive Insight:
The original reason for disabling macros by default was based on “the clear threat landscape trend of many years” by bad actors to leverage macros in order to execute additional code for malicious attacks, Sherrod DeGrippo, VP, threat research and detection at Proofpoint, said via email
The prior decision to disable macros was hailed by the security community, DeGrippo said, noting a 66% drop in the use of macros after the initial change.
“The direction Microsoft is going is puzzling to threat researchers and defenders,” she said. “We’re watching carefully to see how the threat landscape changes as this confusion affects the industry and how organizations respond to the changing guidance.”
The move to block macros came from the considerable threat activity by malicious actors.
Emotet began testing new techniques in the months following the February rollback, when Microsoft announced it would begin blocking Visual Basic for Application macros by default.
Even with changes in the default setting macros can still be disabled by using group policy settings.
Despite the setback for defenders, the big picture remains that Microsoft plans to return to blocking macros in the near term, according to Red Canary researchers.
“What matters most of all is that Microsoft still plans to block these macros by default at some point in the future,” Brian Donohue, principal information security specialist at Red Canary, said via email. “Blocking VBA macros by default is an objectively good security outcome for everyone. We just have to wait a little bit longer to get there.”