Office macros are used by malicious actors to attack computer systems. The primary use of macros is automation, to perform a set of commands and actions without user interaction.
The extended capabilities of macros have been used by malicious actors to attack computer systems. Victims only need to run Office files with malicious macros to launch the attack on the local machine. Office documents are distributed through a variety of channels, including via email, websites, or through sophisticated targeted attacks.
Microsoft has been working on improving system security against Office macros for some time. The company announced plans to block macros in Office documents by default, if the documents were downloaded from the Internet.
VBA macros are a common way for malicious actors to gain access to malware and ransomware deployment. Therefore, to help improve security in Office, we are changing the default behavior of Office applications to block macros in files from the Internet.
Currently, when Office documents containing macros are downloaded, users have the option to enable content so that the macro is active in the document. The change replaces the old option with a warning message stating “Security risk Microsoft has blocked macro execution because the source of this file is untrusted”. The macro activation option is no longer displayed.
A “learn more” link is provided, which opens a support page on the Microsoft website. There, Microsoft explains why the “potentially dangerous macro has been blocked”.
Macros can add a lot of functionality to Office, but they are often used by malicious people to distribute malware to unsuspecting victims.
Macros are not necessary for everyday use like reading or editing a document in Word or working with Excel workbooks. In most cases, you can do everything you need to do in Office without allowing macros to run.
The web page includes instructions on enabling macros for specific documents.
How to enable macros in specific Office documents
- Locate the Office document on the local hard drive, a network share, or a cloud share, such as OneDrive using File Explorer.
- Right-click on the Office file and select Properties from the context menu. If you are using Windows 11, select “Show more options” then Properties.
- Locate the “unblock” checkbox at the bottom of the page next to Security and check it.
This unlocks the file on the system, so the macros run in the Office document. The process must be repeated each time a new Office document downloaded from the Internet requires running macros.
IT administrators can use policies to block macros entirely or to allow them. See this Microsoft Docs page for instructions on how to do this.
Microsoft postponed the change. If you check out the roadmap, you’ll notice that it’s now scheduled for September 2022.
The company has yet to make a public announcement regarding the postponement. Microsoft announced the postponement in the Microsoft 365 message center according to Bleeping Computer. Microsoft employees Angela Robertson and Wenjun Gong confirmed the decision in comments on the Tech Community website.
[..] based on the feedback, we are reverting this change from the current channel production. We appreciate the feedback we’ve received so far and are working to improve this experience. We will provide another update when we are ready to post again on the current channel. Thanks.
Employees did not provide details about the delay or the feedback Microsoft received that led to the decision to postpone the change.
From September 2022, macros in Office documents downloaded from the Internet will be blocked, provided that Microsoft does not postpone the change again and notify most of its customers.
Now you: do you run Office documents with macros on your devices?