Microsoft is making its Office apps more secure by blocking Visual Basic for Applications (VBA) macros obtained from the Internet by default. Office users will no longer be able to enable these macros with the click of a button, and the apps will soon display a message bar with a security warning and a support page instead.
To enable these macros, Office users will need to save the file on a local hard drive, network drive, or cloud storage service like OneDrive, and then unblock the file manually. Microsoft already has a support page with detailed instructions on how to proceed, and this same page will be available in the message bar that will show up when Office users open files with VBAs macros coming from the Internet.
Windows Intelligence In Your Inbox
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
This new default behavior regarding Office macros will apply to Word, Excel, PowerPoint, Visio, and Access. As macros obtained from the Internet have been a notorious source of malware, Microsoft believes that this change should better protect consumers and enterprise customers using Office.
“For years Microsoft Office has shipped powerful automation capabilities called active content, the most common kind are macros. While we provided a notification bar to warn users about these macros, users could still decide to enable the macros by clicking a button. Bad actors send macros in Office files to end-users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access,” explained Microsoft’s Kellie Eickmeyer.
Microsoft plans to start blocking VBA macros obtained from the Internet in Office by default in early April 2022, and the new default behavior will roll out first to Microsoft 365 subscribers in the Current Channel (Preview). The change will also make its way to Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013, though Microsoft has yet to share an ETA.
As an expert in cybersecurity and Microsoft Office applications, I can attest to the significance of Microsoft's recent decision to enhance the security of its Office apps by defaulting to block Visual Basic for Applications (VBA) macros obtained from the Internet. This strategic move is a proactive measure against a long-standing security concern, and my in-depth understanding of cybersecurity principles allows me to provide valuable insights into the implications and benefits of this decision.
The evidence supporting the necessity of this security enhancement is rooted in the historical use of VBA macros as a vector for malware distribution. Malicious actors have exploited the active content capabilities in Microsoft Office, particularly macros, to deliver harmful payloads, leading to severe consequences such as malware infections, compromised identities, data loss, and unauthorized remote access. Microsoft's acknowledgment of this threat, as highlighted by Kellie Eickmeyer, underscores the gravity of the issue and the need for a more robust security posture.
Now, let's delve into the key concepts mentioned in the article:
-
Default Blocking of VBA Macros: Microsoft is changing the default behavior of its Office apps to automatically block VBA macros obtained from the Internet. This means that users will no longer have the option to enable these macros with a simple click, enhancing the overall security posture of Office applications.
-
Manual Enabling of Macros: To enable VBA macros from the Internet, users will need to save the file on a local hard drive, network drive, or cloud storage service like OneDrive. Subsequently, they must unblock the file manually. This introduces an additional layer of security by requiring a deliberate action from the user, reducing the likelihood of unintentional macro execution.
-
Security Warning Message Bar: Instead of a one-click enablement option, Office apps will now display a message bar with a security warning when users attempt to open files with VBA macros from the Internet. This message bar will also include a link to a support page with detailed instructions on how to proceed, offering users guidance on safely handling such files.
-
Applicability Across Office Suite: This new default behavior regarding the blocking of VBA macros applies to various Office applications, including Word, Excel, PowerPoint, Visio, and Access. This comprehensive approach ensures a uniform and robust security stance across the entire Office suite.
-
Timeline for Implementation: Microsoft plans to implement these changes in early April 2022, starting with Microsoft 365 subscribers in the Current Channel (Preview). The rollout will subsequently extend to other versions, including Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013. While the exact timeline for these releases has not been specified (ETA), Microsoft is committed to implementing the security enhancements across different Office versions.
In conclusion, Microsoft's decision to block VBA macros from the Internet by default represents a proactive and crucial step in mitigating the risks associated with malicious macro-based attacks. This approach aligns with industry best practices and showcases Microsoft's commitment to enhancing the security posture of its widely used Office suite.
