Since the change’s initial announcement, the use of Visual Basic for Applications (VBA) macros on downloaded documents has been prohibited; however, this week, Microsoft started distributing an update to Microsoft Office that fixes the problem.
Although Microsoft assured users that the change would only be temporary, many experts were worried that it might not actually change the default setting, leaving systems vulnerable to attacks. Microsoft abruptly rolled back the update last month as it tested the new default setting, stating that it was doing so “temporarily while we make some additional changes to enhance usability.” Blocking Office macros would actually do much more to protect against threats than preventing every threat, according to Shane Huntley, the head of the Google Threat Analysis Group, in a tweet.
The updated language in the new default setting is now being rolled out to inform users and administrators of their options when a file they are attempting to open is blocked. This only applies if Windows, using the NTFS file system, records the download as occurring from the internet rather than a network drive or website that administrators have designated as secure. It has no effect on other platforms, such as Mac, Office for Android and iOS, or Office on the web.
Microsoft:
We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share. Please refer to the following documentation:
• For end users, A potentially dangerous macro has been blocked
• For IT admins, Macros from the internet will be blocked by default in Office
If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change.
Although some people use the scripts to automate tasks, hackers have long taken advantage of the feature by creating malicious macros that trick users into downloading and running malicious files that compromise their systems. Microsoft made a note of how administrators could disable macros across all systems in their company by using Office 2016’s Group Policy settings. Nevertheless, some people didn’t activate it, and as a result, attacks continued, giving hackers the opportunity to steal data or spread ransomware.
A pop-up message explaining why they probably don’t need to open that document will be displayed to users who attempt to open files but are blocked and send them here. It begins by going over several situations in which someone might try to trick them into running malware. It continues to explain how to gain access, which is all more difficult than what happened previously when users could typically enable macros by clicking a button in the warning banner if they truly need to see what’s inside the downloaded file.
This modification may not always prevent someone from opening a malicious file, but it does add additional layers of warnings before they can, while still allowing access for those who claim to need it urgently.
