Microsoft Takes Aim at Malicious Office Macros
Microsoft has finally taken action against a common threat vector, blocking by default Office macros downloaded from the internet.
A vast range of threat actors sent users phishing emails containing innocuous-looking attachments. However, they often contain embedded Visual Basic for Applications (VBA) macros obtained from the internet.
Once enabled by users with a single click, these initiate a download of a malicious payload to support information theft, ransomware and other attacks.
Microsoft’s latest action is intended to enable the continued use of legitimate macros while making it harder for threat actors to socially engineer users into enabling malicious content.
“For macros in files obtained from the internet, users will no longer be able to enable content with a click of a button. A message bar will appear for users notifying them with a button to learn more. The default is more secure and is expected to keep more users safe including home users and information workers in managed organizations,” it explained.
“Organizations can use the ‘Block macros from running in Office files from the internet’ policy to prevent users from inadvertently opening files from the internet that contain macros. Microsoft recommends enabling this policy, and if you do enable it, your organization won’t be affected by this default change.”
The new rules will apply to the five most common Office apps: Access, Excel, PowerPoint, Visio, and Word. It will impact only Office running on Windows devices, with the changes rolled out from version 2203, starting with Current Channel (Preview) in early April 2022.
Later, the change will be available in the other update channels, such as Current Channel, Monthly Enterprise Channel and Semi-Annual Enterprise Channel.
Oliver Tavakoli, CTO at Vectra, argued that default settings matter in cybersecurity.
“Seemingly 50-50 decisions made by product managers at application and platform providers can expose their customers to extraordinary risk. As the example of VBA macros demonstrates, once such a choice has been made it’s a difficult and lengthy process to change the default to something more secure as the fear of breaking things creates a form of institutional paralysis,” he added.
“The security lesson is simple: leave features which may have security implications off by default and let customers choose whether the benefit of the feature outweighs the security risk of having it on.”
More Stories
Friday Squid Blogging: Searching for the Colossal Squid
A cruise ship is searching for the colossal squid. As usual, you can also use this squid post to talk...
Over 850 Vulnerable Devices Secured Through CISA Ransomware Program
CISA’s RVWP program sent 1754 ransomware vulnerability notifications to government and critical infrastructure entities in 2023, leading to 852 devices...
Long Article on GM Spying on Its Cars’ Drivers
Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then...
Ring to Pay Out $5.6m in Refunds After Customer Privacy Breach
The US Federal Trade Commission will send $5.6m worth of refunds to the spied-on customers of the Amazon-owned home camera...
How to Avoid Romance Scams
It’s the romance scam story that plays out like a segment on a true crime show. It starts with a...
“Junk gun” ransomware: the cheap new threat to small businesses
A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not...