Microsoft on Monday said it’s taking steps to disable Visual Basic for Applications (VBA) macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector.
“Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access,” Kellie Eickmeyer said in a post announcing the move.
While the company warns users against allowing macros to be placed in Office files, unwary users, e.g. recipients of phishing email, can still be convinced into activating the feature. This allows attackers access to the entire system.
As a result of this change, if a user downloads or opens attachments containing macros from the Internet, an app will display a warning banner that states, “Microsoft have blocked macros running since the source file is not trusted.” “
“If a downloaded file from the internet wants you to allow macros, and you’re not certain what those macros do, you should probably just delete that file,” Microsoft cautions, outlining the security risk of bad actors using macros.
That said, users can unblock macros for any downloaded file by right-clicking the file and selecting Properties from the context menu, and ticking the “Unblock” checkbox from the General tab. The updates are expected to be applied to Microsoft 365 users in April 2022, with plans to backport the feature to Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013 at a “future date. “
The move arrives less than a month after the Windows maker disabled Excel 4.0 (XLM) macros, another widely abused feature to distribute malware, by default for protecting customers against security threats.