Microsoft Takes Aim at Malicious Office Macros
Microsoft has finally taken action against a common threat vector, blocking by default Office macros downloaded from the internet.
A vast range of threat actors sent users phishing emails containing innocuous-looking attachments. However, they often contain embedded Visual Basic for Applications (VBA) macros obtained from the internet.
Once enabled by users with a single click, these initiate a download of a malicious payload to support information theft, ransomware and other attacks.
Microsoft’s latest action is intended to enable the continued use of legitimate macros while making it harder for threat actors to socially engineer users into enabling malicious content.
“For macros in files obtained from the internet, users will no longer be able to enable content with a click of a button. A message bar will appear for users notifying them with a button to learn more. The default is more secure and is expected to keep more users safe including home users and information workers in managed organizations,” it explained.
“Organizations can use the ‘Block macros from running in Office files from the internet’ policy to prevent users from inadvertently opening files from the internet that contain macros. Microsoft recommends enabling this policy, and if you do enable it, your organization won’t be affected by this default change.”
The new rules will apply to the five most common Office apps: Access, Excel, PowerPoint, Visio, and Word. It will impact only Office running on Windows devices, with the changes rolled out from version 2203, starting with Current Channel (Preview) in early April 2022.
Later, the change will be available in the other update channels, such as Current Channel, Monthly Enterprise Channel and Semi-Annual Enterprise Channel.
Oliver Tavakoli, CTO at Vectra, argued that default settings matter in cybersecurity.
“Seemingly 50-50 decisions made by product managers at application and platform providers can expose their customers to extraordinary risk. As the example of VBA macros demonstrates, once such a choice has been made it’s a difficult and lengthy process to change the default to something more secure as the fear of breaking things creates a form of institutional paralysis,” he added.
“The security lesson is simple: leave features which may have security implications off by default and let customers choose whether the benefit of the feature outweighs the security risk of having it on.”
More Stories
Thread Hijacking: Phishes That Prey on Your Curiosity
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into...
US Treasury Urges Financial Sector to Address AI Cybersecurity Threats
The US Treasury report sets out recommendations for financial institutions on addressing immediate AI-related operational risk, cybersecurity and fraud challenges...
Sellafield nuclear waste dump faces prosecution over cybersecurity failures
The UK's Office for Nuclear Regulation (ONR) has started legal action against the controversial Sellafield nuclear waste facility due to...
NIST Unveils New Consortium to Operate its National Vulnerability Database
After weeks of speculation, NIST has finally confirmed its intention to establish an industry consortium to develop the NVD in...
Teen Slang – What You Need To Know To Understand Your Teen
Got any ‘rizz’? Did you ‘slay’ that dinner? Is the ‘cozzie livs’ stressing you out? If you do not comprehendo,...
17 Billion Personal Records Exposed in Data Breaches in 2023
Flashpoint recorded a 34.5% rise in reported data breaches in 2023, with ransomware a major driver of this increase Read...