Microsoft Office will soon block untrusted Visual Basic for Applications (VBA) macros sourced from the internet by default – a security measure users can still circumvent, permissions allowing.
The Windows giant said that the change will come in version 2203 of Office for Windows, due in April 2022, and applies to Access, Excel, PowerPoint, Visio, and Word. The change will come to Office LTSC, Office 2021, Office 2022, Office 2016, and Office 2013 at a date to be determined.
Microsoft’s rationale for the change is that criminals use macros to target users, and that Office’s current defense strategy is somewhat lacking.
It’s important to note that, plus or minus some caveats, users will still be able to override Microsoft’s ban, because when they open a document containing an untrusted macro from the internet, they’ll see the message below explaining why it won’t run:
Microsoft’s macro missive
Note the presence of that “Learn More” button, dear readers. It opens a document Microsoft has penned for folks to explain its macro rules. That document also explains how to save the blocked macro to a local drive and change its permissions to allow it to run and circumvent the block.
Another important point to note, though, is that IT admins can use an Office cloud policy or an ADMX or group policy to prevent users from overriding the above warning and simply stop the dangerous content dead. Microsoft’s advice for Office admins states that users should only side-step the block “if absolutely needed.”
Redmond’s announcement quotes Tristan Davis, Microsoft’s partner group program manager for the Office Platform, saying: “We will continue to adjust our user experience for macros, as we’ve done here, to make it *more difficult* to trick users into running malicious code via social engineering while maintaining a path for legitimate macros to be enabled where appropriate via Trusted Publishers and/or Trusted Locations.”
The Register’s italics.
Another thing to look out for is that the mechanism Microsoft is using to enforce the block won’t work if you’re using a FAT32 filesystem for some reason.
That mechanism is called Mark Of The Web (MOTW) and is derived from tech that Microsoft’s abandoned Internet Explorer web browser used to classify the source of a document so it could apply appropriate levels of security. MOTW works by adding an attribute to files as they arrive on a device – but as Microsoft’s announcement of the macro ban explains, that attribute only sticks on files saved to an NTFS file system. Files on FAT32 formatted devices don’t get MOTW info.
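On NTFS the MOTW attribute is stored as an alternate data stream named `Zone.Identifier`. The following is an added example, not code from the original article or from Microsoft: it parses that stream and sorts files into marked and unmarked, the latter being what every file on a FAT32 volume looks like. The sample stream content, the `example.test` URLs and the function names are constructed for illustration.

```python
import configparser

# URL security zones recorded in the ZoneId field of the stream.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Constructed sample of a Zone.Identifier stream (not taken from a real file).
SAMPLE_STREAM = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                 "ReferrerUrl=https://example.test/downloads/\r\n"
                 "HostUrl=https://example.test/downloads/invoice.xlsm\r\n")

def parse_zone_identifier(text):
    """Parse the INI-style stream body; return None if it is malformed."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        cp.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
        section = cp["ZoneTransfer"]
        zone_id = int(section["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return {"zone_id": zone_id,
            "zone": ZONES.get(zone_id, "Unknown"),
            "from_internet": zone_id == 3,
            "host_url": section.get("HostUrl"),
            "referrer_url": section.get("ReferrerUrl")}

def read_motw(path):
    """Read a file's mark. None means no mark is stored: the file was never
    tagged, sits on a volume without stream support (FAT32), or was unblocked."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None

def audit(paths, reader=read_motw):
    """Group paths by mark so unmarked macro-enabled files can be reviewed."""
    report = {"internet": [], "other_zone": [], "unmarked": []}
    for path in paths:
        mark = reader(path)
        if mark is None:
            report["unmarked"].append(path)
        elif mark["from_internet"]:
            report["internet"].append(path)
        else:
            report["other_zone"].append(path)
    return report
```

`read_motw` only finds a stream when run on Windows against an NTFS volume; elsewhere every file is reported as unmarked.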
For those of you using NTFS and cloudy controls for Office management, here’s how the macro-filtering process works:
Macros have been a well-known menace ever since the ILOVEYOU worm erupted onto millions of PCs in May 2000. Redmond’s minions have tried to make life harder for authors of malicious macros ever since, though those efforts appear not to have deterred macro-centric malware authors. Tom Gallagher, partner group engineering director for Office Security, admits that “a broad range of threat actors continue to target our customers by sending documents and luring them into enabling malicious macro code.”
Those miscreants may now find it harder to succeed, though they’ve also been given a strong signal that now is the time to figure out how to game MOTW. They also know that come April 2022 they should ignore the population of users that run the one version of Office that will ban macros, and that it may be worth developing new social engineering tactics for that group of users. ®