Skip to main content

Now Microsoft Office is blocking macros by default

Image by Alex Castro / The Verge

There’s been a bit of back and forth since the change was originally announced, but this week Microsoft started rolling out an update to Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros on downloaded documents.

Last month, Microsft was testing the new default setting when it suddenly rolled back the update, “temporarily while we make some additional changes to enhance usability.” Despite saying it was temporary, many experts worried that Microsoft might not go through with changing the default setting, leaving systems vulnerable to attacks. Google Threat Analysis Group leader Shane Huntley tweeted, “Blocking Office macros would do infinitely more to actually defend against real threats than all the threat intel blog posts.”

Now the new default setting is rolling out, but with updated language to alert users and administrators what options they have when they try to open a file and it’s blocked. This only applies if Windows, using the NTFS file system, notes it as downloaded from the internet and not a network drive or site that admins have marked as safe, and it isn’t changing anything on other platforms like Mac, Office on Android / iOS, or Office on the web.

Microsoft:

We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share. Please refer to the following documentation:

• For end users, A potentially dangerous macro has been blocked

• For IT admins, Macros from the internet will be blocked by default in Office

If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change.

While some people use the scripts to automate tasks, hackers have abused the feature with malicious macros for years, tricking people into downloading a file and running it to compromise their systems. Microsoft noted how administrators could use Group Policy settings in Office 2016 to block macros across their organization’s systems. Still, not everyone turned it on, and the attacks continued, allowing hackers to steal data or distribute ransomware.

Users who try to open files and are blocked will get a pop-up sending them to this page, explaining why they probably don’t need to open that document. It starts by running through several scenarios where someone might try to trick them into executing malware. If they really do need to see what’s inside the downloaded file, it goes on to explain ways to get access, which are all more complicated than what happened before, where users could usually enable macros by pressing one button in the warning banner.

This change may not always stop someone from opening up a malicious file, but it does provide several more layers of warnings before they can get there while still providing access for the people that say they absolutely need it.



Source: The Verge

Popular posts from this blog

Follow these steps to connect a Pro Controller to your Android phone

Playing games on your smartphone is one of the best ways to entertain yourself. However, it can be tough to play with some games when you're just tapping on a screen. Fortunately, it's possible to sync up a traditional controller. That's where it's nice to connect your Nintendo Switch Pro Controller and get playing on the best gaming phones . By the way, the Playstation 4 controller as well as the Xbox One controller are also compatible with Android devices, if you'd prefer to use one of those. Note: You will only be able to use a Pro Controller if your phone is running Android 10 and if the game you're playing supports controllers. Additionally, the process for syncing the controller with your phone will be different from one phone to the next. How to use Switch controller on Android: Sync Pro Controller to your phone via Bluetooth Do keep in mind that some Android games — including some of the most popular titles like Genshin Impact — don't act

FCC approves broadband 'nutrition labels' to help you shop for internet

The FCC is pushing nutrition labels for internet providers. What you need to know The FCC has voted to move forward with new rules for ISPs to display nutrition labels. The proposed rulemaking would mandate ISPs to display relevant speed and pricing information to consumers. This should make it easier for consumers to make an informed decision on their broadband. The FCC voted unanimously on a plan that would allow consumers to make better decisions about their broadband internet. The proposal will require internet service providers (ISPs) - including many of the best wireless carriers in the U.S. — to display "nutrition labels" that display relevant service information for consumers at point-of-sale. This includes internet speeds, allowances, and clear information on rates. "If you walk into any grocery store and pull boxes of cereal from the shelves, you can easily compare calories and carbohydrates," FCC Chair Jessica Rosenworcel said in a statemen

I replaced my Steam Deck’s noisy fan and am so happy I did

Photo by Sean Hollister / The Verge 160 hours into Elden Ring, I’m sure of one thing: the single most annoying thing about my Steam Deck is its whiny fan. And now, I’m so happy to report there’s a way to fix it. It takes roughly 15 minutes and $30 — depending on where you live — to install a replacement fan from iFixit. Five days ago, the repair company finally got a large shipment of those fans , and I bought one right away. Now, my Steam Deck’s tiny screech is gone. Is the fan still loud? Yes, yes it is, but it’s a whoosh instead of a whine. I like to think of it as the sound of air escaping the Deck’s vents, but mostly, I don’t think about it at all. I can easily tune out the new whoosh, whereas the whine always managed to get my attention even after Valve tweaked its software to bring the fan noise down. In fact, the new fan has less whine than the electrical tape trick I showed you in April , and — YMMV — seems to be oh-so-slightly quieter overall. I did an admittedly

You can make your new Pixel look like a Teenage Mutant Ninja Turtle

A cool thing about Google’s Pixel 6 series phones is their unique camera bar design . If the finish of that strip were a different color than black — specifically blue, orange, purple, or red — it would totally look kind of like the Teenage Mutant Ninja Turtles . And now that you can’t unsee the resemblance, device outfitter Dbrand would like to help make your Pixel 6 device look like one of your favorite childhood heroes. With Google’s latest phone the Pixel 6a releasing next week , Dbrand decided it's a good time to revisit the sewers and launch its Teenage Mutant Ninja Pixels decals for all three phones. They match the green heroes-in-a-half-shell plus their masks, and include four camera decal strips that reflect the colors of Leonardo, Michelangelo, Donatello, and Raphael. Personally, I think the Pixel 6a’s two-camera array does the best job looking like proper eyes (the spidery camera array of the Pixel 6 and 6 Pro, not so much). Available now for the Pixel 6a: https://