In one of the most impactful changes made in recent years, Microsoft has announced today that it is now blocking by default the execution of VBA macro scripts inside five Office applications.
Starting today, Access, Excel, PowerPoint, Visio, and Word users will not be able to enable macro scripts inside untrusted documents that they downloaded from the internet.
The change, which security researchers have been requesting for years, is expected to put a serious roadblock for malware gangs, which have relied on tricking users into enabling the execution of a macro script as a way to install malware on their systems.
In these attacks, users typically receive a document via email or which they are instructed to download from an internet website. When they open the file, the attacker typically leaves a message instructing the user to enable the execution of the macro script.
While users with some technical and cybersecurity knowledge may be able to recognize this as a lure to get infected with malware, many day-to-day Office users are still unaware of this technique and end up following the provided instructions, effectively infecting themselves with malware.
Image: FortinetDealing with this problem has been a thorn in Microsoft’s foot since VBA macro scripts are often used inside companies to automate certain operations and tasks when opening certain files, such as importing data and updating content inside the document from dynamic sources.
Since the early 2000s, Microsoft has tried addressing this issue by showing a mild security warning in the form of a toolbar at the top of the document, but this warning also contained controls allowing users to execute the macro scripts.
Image: MicrosoftAfter today’s change, this warning has now been changed to show a red alert bar notifying the user that the document contains macros but which cannot be enabled for security reasons.
Image: MicrosoftThis alert is similar to what was typically shown to Office users when system administrators used a Group Policy to block the execution of macro scripts for an entire organization.
Microsoft announced the change today in a blog post on its Tech Community portal. The blog post also contains a description of the logic that the five Office apps will follow when deciding if to allow or block the execution of macro scripts inside a document.
Image: MicrosoftMicrosoft said the decision to block VBA macros by default only affects Access, Excel, PowerPoint, Visio, and Word on Windows. Documents that contain VBA macros that have been created and obtained from inside an organization’s trusted network will still be allowed to execute.
The move will impact the distribution of a large number of commodity malware strains, but also many financially and politically-motivated espionage campaigns; however, these operations will most likely continue using other techniques.
Previously, Microsoft also blocked the execution of Excel 4.0 (XLM) macro scripts after similar abuse from malware gangs.
The post Microsoft blocks internet macros by default in five Office applications appeared first on The Record by Recorded Future.
Article Link: Microsoft blocks internet macros by default in five Office applications - The Record by Recorded Future