There has been a bit of back and forth since the change was originally announced, but this week Microsoft began releasing an update to Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros in downloaded documents.
Last month, Microsoft was testing the new default configuration when it suddenly rolled back the update, “temporarily while we make some additional changes to improve usability.” Despite saying it was temporary, many experts feared that Microsoft would not change the default setting, leaving systems vulnerable to attack. Shane Huntley, Leader of Google’s Threat Analysis Group tweeted“Blocking Office macros would do infinitely more to actually defend against real threats than all the threat intelligence blog posts.”
Now the new default setting is rolling out but with updated language to alert users and admins what options they have when they try to open a file and it gets blocked. This only applies if Windows, using the NTFS file system, notes it as downloaded from the internet and not a network drive or website that admins have marked as safe and is not changing anything on other platforms like Mac, Office on Android/iOS or Office on the web.
We are resuming the rollout of this change on the current channel. Based on our analysis of customer feedback, we’ve made updates to our end-user and IT administration documentation to make it more clear what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share. See the following documentation:
• For end users, a potentially dangerous macro has been blocked
• For IT admins, Internet macros will be blocked by default in Office
If you’ve already enabled or disabled blocking macros from running in Office files from Internet policy, your organization will not be affected by this change.
While some people use scripts to automate tasks, hackers have abused the feature with malicious macros for years, tricking people into downloading a file and running it to compromise their systems. Microsoft has looked at how administrators can use Group Policy settings in Office 2016 to block macros on their organization’s systems. Still, not everyone turned it on and attacks continued, allowing hackers to steal data or distribute ransomware.
Users who try to open files and are blocked will get a popup sending them to this page, explaining why they probably don’t need to open this document. It starts by going through various scenarios where someone might try to trick them into running malware. If they really need to see what’s inside the downloaded file, he explains the ways to gain access, which are all more complicated than what happened before, where users could usually enable macros by pressing a button on the warning banner.
This change may not always stop someone from opening a malicious file, but it does provide several other layers of warnings before they can get there, while still providing access for people who say they absolutely need it.