Microsoft Takes Aim at Malicious Office Macros
Microsoft has finally taken action against a common threat vector, blocking by default Office macros downloaded from the internet.
A vast range of threat actors sent users phishing emails containing innocuous-looking attachments. However, they often contain embedded Visual Basic for Applications (VBA) macros obtained from the internet.
Once enabled by users with a single click, these initiate a download of a malicious payload to support information theft, ransomware and other attacks.
Microsoft’s latest action is intended to enable the continued use of legitimate macros while making it harder for threat actors to socially engineer users into enabling malicious content.
“For macros in files obtained from the internet, users will no longer be able to enable content with a click of a button. A message bar will appear for users notifying them with a button to learn more. The default is more secure and is expected to keep more users safe including home users and information workers in managed organizations,” it explained.
“Organizations can use the ‘Block macros from running in Office files from the internet’ policy to prevent users from inadvertently opening files from the internet that contain macros. Microsoft recommends enabling this policy, and if you do enable it, your organization won’t be affected by this default change.”
The new rules will apply to the five most common Office apps: Access, Excel, PowerPoint, Visio, and Word. It will impact only Office running on Windows devices, with the changes rolled out from version 2203, starting with Current Channel (Preview) in early April 2022.
Later, the change will be available in the other update channels, such as Current Channel, Monthly Enterprise Channel and Semi-Annual Enterprise Channel.
Oliver Tavakoli, CTO at Vectra, argued that default settings matter in cybersecurity.
“Seemingly 50-50 decisions made by product managers at application and platform providers can expose their customers to extraordinary risk. As the example of VBA macros demonstrates, once such a choice has been made it’s a difficult and lengthy process to change the default to something more secure as the fear of breaking things creates a form of institutional paralysis,” he added.
“The security lesson is simple: leave features which may have security implications off by default and let customers choose whether the benefit of the feature outweighs the security risk of having it on.”
More Stories
UK police reveal they are running fake DDoS-for-hire sites to collect details on cybercriminals
There's bad news if you're someone who is keen to launch a Distributed Denial-of-Service (DDoS) attack to boot a website...
Microsoft Fixes Security Flaw in Windows Screenshot Tools
Information disclosure vulnerability aCropalypse could enable malicious actors to recover sections of screenshots Read More
Three Variants of IcedID Malware Discovered
The new variants hint that considerable effort is going into the future of IcedID and its codebase Read More
New MacStealer Targets Catalina, Newer MacOS Versions
The malware can extract information from documents, browser cookies and login information Read More
Can zero trust be saved?
Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for...
Part of Twitter source code leaked on GitHub
Part of Twitter’s source code has been leaked and posted on GitHub by an unknown user. GitHub took down the...