Office macros are used by malicious actors to attack computer systems. The main use of macros is automation, to run a set of commands and actions without user interaction.
The extensive capabilities of macros have been used by malicious actors to attack computer systems. Victims just need to run Office files with malicious macros to initiate the attack on the local machine. The Office documents are spread using various channels, including by email, on websites, or through sophisticated targeted attacks.
Microsoft has been working for some time on improving the security of systems in regards to Office macros. The company announced plans to block macros in Office documents by default, if the documents were downloaded from the Internet.
VBA macros are a common way for malicious actors to gain access to deploy malware and ransomware. Therefore, to help improve security in Office, we’re changing the default behavior of Office applications to block macros in files from the internet.
Currently, when Office documents with macros are downloaded, users get an option to enable the content so that the macro is active in the document. The change replaces the old option with a warning message stating “Security Risk Microsoft has blocked macros from running because the source of this file is untrusted”. The option to enable the macro is no longer displayed.
A “learn more” link is provided, which opens a support page on the Microsoft website. There, Microsoft explains why the “potentially dangerous macro has been blocked”.
Macros can add a lot of functionality to Office, but they are often used by people with bad intentions to distribute malware to unsuspecting victims.
Macros aren’t required for everyday use like reading or editing a document in Word or using Excel workbooks. In most cases you can do everything you need to do in Office without allowing macros to run.
The web page includes instructions on enabling macros for specific documents.
How to enable macros in specific Office documents
- Locate the Office document on the local hard drive, a network share or a cloud share, such as OneDrive using File Explorer.
- Right-click on the Office file and select Properties from the context menu. If you use Windows 11, select “Show More Options” and then Properties.
- Locate the “unblock” checkbox at the bottom of the page next to Security and check it.
Doing so unblocks the file on the system, so that macros are executed in the Office document. The process needs to be repeated whenever a new Office document that has been downloaded from the Internet requires macros to run.
IT administrators may use policies to block macros entirely or to allow them. Check this Microsoft Docs page for instructions on doing so.
Microsoft postponed the change. If you check the roadmap listing, you will notice that it is now scheduled for September 2022.
The company has not made a public announcement regarding the postponing yet. Microsoft did announce the postponing in the Microsoft 365 message center according to Bleeping Computer. Microsoft employees Angela Robertson and Wenjun Gong confirmed the decision in comments on the Tech Community website.
[..] Based on feedback, we’re rolling back this change from Current Channel production. We appreciate the feedback we’ve received so far, and we’re working to make improvements in this experience. We’ll provide another update when we’re ready to release again to Current Channel. Thank you.
The employees did not provide specifics on the delay or the feedback that Microsoft received that led to the decision to postpone the change.
Starting in September 2022, macros in Internet downloaded Office documents will be blocked, provided that Microsoft does not postpone the change again and fails to tell most of its customers about it.
Now you: do you run Office documents with macros on your devices?