08 February 2022

Helping users stay safe: Blocking internet macros by default in Microsoft Office

It’s a challenging time in software security; migration to the modern cloud, the largest number of remote workers ever, and a global pandemic impacting staffing and supply chains all contribute to changes in organizations. Unfortunately, these changes also give bad actors opportunities to exploit organizations:

“Cybercriminals are targeting and attacking all sectors of critical infrastructure, including healthcare and public health, information technology (IT), financial services, and energy sectors. Ransomware attacks are increasingly successful, crippling governments and businesses, and the profits from these attacks are soaring.”

For years Microsoft Office has shipped powerful automation capabilities called active content, the most common kind are macros. While we provided a notification bar to warn users about these macros, users could still decide to enable the macros by clicking a button. Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access.

"A wide range of threat actors continue to target our customers by sending documents and luring them into enabling malicious macro code.  Usually, the malicious code is part of a document that originates from the internet (email attachment, link, internet download, etc.).  Once enabled, the malicious code gains access to the identity, documents, and network of the person who enabled it."

For the protection of our customers, we need to make it more difficult to enable macros in files obtained from the internet.

We’re introducing a default change for five Office apps that run macros: VBA macros obtained from the internet will now be blocked by default.

For macros in files obtained from the internet, users will no longer be able to enable content with a click of a button. A message bar will appear for users notifying them with a button to learn more. The default is more secure and is expected to keep more users safe including home users and information workers in managed organizations.

www.microsoft.com


No comments:

Post a Comment