Skip to main content

Now Microsoft Office is blocking macros by default

Image by Alex Castro / The Verge

There’s been a bit of back and forth since the change was originally announced, but this week Microsoft started rolling out an update to Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros on downloaded documents.

Last month, Microsft was testing the new default setting when it suddenly rolled back the update, “temporarily while we make some additional changes to enhance usability.” Despite saying it was temporary, many experts worried that Microsoft might not go through with changing the default setting, leaving systems vulnerable to attacks. Google Threat Analysis Group leader Shane Huntley tweeted, “Blocking Office macros would do infinitely more to actually defend against real threats than all the threat intel blog posts.”

Now the new default setting is rolling out, but with updated language to alert users and administrators what options they have when they try to open a file and it’s blocked. This only applies if Windows, using the NTFS file system, notes it as downloaded from the internet and not a network drive or site that admins have marked as safe, and it isn’t changing anything on other platforms like Mac, Office on Android / iOS, or Office on the web.

Microsoft:

We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share. Please refer to the following documentation:

• For end users, A potentially dangerous macro has been blocked

• For IT admins, Macros from the internet will be blocked by default in Office

If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change.

While some people use the scripts to automate tasks, hackers have abused the feature with malicious macros for years, tricking people into downloading a file and running it to compromise their systems. Microsoft noted how administrators could use Group Policy settings in Office 2016 to block macros across their organization’s systems. Still, not everyone turned it on, and the attacks continued, allowing hackers to steal data or distribute ransomware.

Users who try to open files and are blocked will get a pop-up sending them to this page, explaining why they probably don’t need to open that document. It starts by running through several scenarios where someone might try to trick them into executing malware. If they really do need to see what’s inside the downloaded file, it goes on to explain ways to get access, which are all more complicated than what happened before, where users could usually enable macros by pressing one button in the warning banner.

This change may not always stop someone from opening up a malicious file, but it does provide several more layers of warnings before they can get there while still providing access for the people that say they absolutely need it.



Source: The Verge
Labels:

Popular posts from this blog

The hidden cost of food delivery

Noah Lichtenstein Contributor Share on Twitter Noah Lichtenstein is the founder and managing partner of Crossover , a diversified private technology fund backed by institutional investors, technology execs and professional athletes and entertainers. More posts by this contributor What Studying Students Teaches Us About Great Apps I’ll admit it: When it comes to food, I’m lazy. There are dozens of great dining options within a few blocks of my home, yet I still end up ordering food through delivery apps four or five times per week. With the growing coronavirus pandemic closing restaurants and consumers self-isolating, it is likely we will see a spike in food delivery much like the 20% jump China reported during the peak of its crisis. With the food delivery sector rocketing toward a projected $365 billion by the end of the decade, I’m clearly not the only one turning to delivery apps even before the pandemic hit. Thanks to technology (and VC funding) we can get a ri
Read more

Cyber Monday Canada: Last-minute deals for everyone on your list

Best Cyber Monday Canada deals: Smart Home Audio Phones, Tablets & Accessories Wearables Laptops & PC Components Amazon products Gaming Televisions Cameras Lifestyle & Kitchen Toys & Kids Cyber Monday Canada is here, and retailers are rolling out the red carpet for customers who want to shop for everything from tech to kitchenware to games and everything in between. Unlike years past, Cyber Monday Canada deals look a bit different than normal. Instead of retailers trying to pack their stores with as many shoppers as possible, we're seeing tons of online deals that you can take advantage of from the comfort of your home. We've rounded up our favorites below, so feel free to browse through the best of what Canada Cyber Monday has to offer! This list is being updated with new Cyber Monday deals all the time, so check back often. Spotlight deals It's a Switch Nintendo Switch Fortnite Edition bundle $399.95 at Amazon It's a Switch.
Read more

iPhone 13 Pro vs. iPhone 15 Pro Buyer's Guide: 50+ Differences Compared

The iPhone 15 Pro brings over 50 new features and improvements to Apple's high-end smartphones compared to the iPhone 13 Pro, which was released two years prior. This buyer's guide breaks down every major difference you should be aware of between the two generations and helps you to decide whether it's worth upgrading. The ‌iPhone 13‌ Pro debuted in 2021, introducing a brighter display with ProMotion technology for refresh rates up to 120Hz, the A15 Bionic chip, a telephoto camera with 3x optical zoom, Macro photography and photographic styles, Cinematic mode for recording videos with shallow depth of field, ProRes video recording, a 1TB storage option, and five hours of additional battery life. The ‌iPhone 13‌ Pro was discontinued upon the announcement of the iPhone 14 Pro in 2022, but it is still possible to get hold of it second-hand. Our guide helps to answer the question of how to decide which of these two iPhone models is best for you and serves as a way to c
Read more

Slack’s new integration deal with AWS could also be about tweaking Microsoft

Slack and Amazon announced a big integration late yesterday afternoon. As part of the deal, Slack will use Amazon Chime for its call feature, while reiterating its commitment to use AWS as its preferred cloud provider to run its infrastructure. At the same time, AWS has agreed to use Slack for internal communications. Make no mistake, this is a big deal as the SaaS communications tool increases its ties with AWS, but this agreement could also be about slighting Microsoft and its rival Teams product by making a deal with a cloud rival. In the past Slack CEO Stewart Butterfield has had choice words for Microsoft saying the Redmond technology giant sees his company as an “existential threat.” Whether that’s true or not — Teams is but one piece of a huge technology company — it’s impossible not to look at the deal in this context. Aligning more deeply with AWS sends a message to Microsoft, whose Azure infrastructure services compete with AWS. Butterfield didn’t say that of course
Read more