Since the change was first announced, there has been some back and forth; nonetheless, last week Microsoft began to distribute an upgrade to Microsoft Office that prevents the usage of Visual Basic for Applications (VBA) macros on downloaded documents.
The modification was abruptly pulled back by Microsoft last month when it was testing the new default option “temporarily while we make some more improvements to boost usability.” Despite Microsoft’s assurances that the change would only be temporary, several experts were concerned that it might not really be implemented, leaving computers open to intrusion. “Blocking Office macros would do immensely more to really fight against real attacks than all the threat intel blog postings,” tweeted Shane Huntley, chief of Google’s Threat Analysis Group.
The modified wording in the new default setting is now being rolled out to inform users and administrators of their choices when a file they are attempting to open is prohibited. This only applies if Windows, using the NTFS file system, records the download as occurring from the internet rather than a network drive or website that administrators have designated as secure. It has no effect on other platforms, such as Mac, Office for Android and iOS, or Office on the web.
While some individuals utilize the scripts to automate activities, hackers have long taken advantage of the capability by creating malicious macros that lure users into downloading and running malicious files that corrupt their computers. Microsoft explained how administrators might disable macros on all PCs inside their company by using the Group Policy settings in Office 2016. However, not everyone did, and the attacks went on, giving hackers the opportunity to steal data or spread ransomware.
Users who attempt to open files but are denied will get a pop-up directing them to this page and outlining why they most likely don’t need to open that particular file. It begins by going over a number of scenarios in which someone would attempt to dupe them into running malware. It then goes on to describe how to gain access if they truly need to view what’s within the downloaded file, all of which are more difficult than what happened previously, when users could often allow macros by clicking one button in the warning banner.
This modification may not always prevent someone from accessing a malicious file, but it does provide additional levels of warnings before they do, while still allowing access for those who claim to need it urgently.