Microsoft confirmed this week that it will soon start blocking Visual Basic Applications (VBA) macros in Office apps by default after quietly rolling back the change earlier this month.
In a new update, the technology giant said that it will start blocking Office macros by default starting from July 27. This comes shortly after Microsoft halted the rollout of the macros-blocking feature citing unspecified "user feedback." It's thought the initial rollout, which kicked off at the beginning of June, caused issues for organizations using macros to automate routine processes, such as data collection or running certain tasks.
In a statement given to TechCrunch, Microsoft said it paused the rollout while it “makes some additional changes to enhance usability”. The company has since updated its documentation with step-by-step instructions for end users and IT admins explaining how Office determines whether to block or run macros, which Office versions are affected by the new rules, how to allow VBA macros in trusted files and how to prepare for the change.
Microsoft announced its plans to disable macros by default back in February to stop threat actors from abusing the feature to deliver malware via email attachments. "VBA macros are a common way for malicious actors to gain access to deploy malware and ransomware," the company said. "Therefore, to help improve security in Office, we’re changing the default behavior of Office applications to block macros in files from the internet."
The cybersecurity industry applauded the move to block macros — and it appeared to be working until Microsoft’s reversal last month. ESET, for example, observed a recent Emotet test campaign that showed threat actors were already moving away from macro-based attacks in response to the change, instead replacing Microsoft Word documents with a shortcut file as the malicious attachment.
Microsoft’s macro-blocking feature will soon start rolling out to Access, Excel, PowerPoint, Visio and Word on Windows. The change won’t affect Office for Mac, Android or iOS devices.
Earlier this week, Microsoft started rolling out another security update to Windows 11 that will protect users against brute-force attacks. The feature, switched on by default in the latest Insider build of Windows 11, will see a user locked out for 10 minutes if a password is entered incorrectly 10 times.
Read more on TechCrunch: