It’s been a bit back and forth since then The change was originally announcedbut this week Microsoft began providing an update for Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros in downloaded documents.
Last month, when the update suddenly rolled back, Microsoft was testing the new default, “temporarily while we make some additional changes to improve the user experience.” Although it was only temporary, many experts feared that Microsoft would not be able to change the default setting, leaving systems vulnerable to attack. Shane Huntley, leader of the Google Threat Analysis Group tweeted“Blocking Office macros would do infinitely more to protect against real threats than all of Intel’s threat blog posts.”
Now introducing the new default but with updated language to alert users and admins what their options are when they try to open a file and it is blocked. This is only true when Windows, which uses the NTFS file system, notes it as downloaded from the Internet and not as a network drive or website that administrators have marked as safe, and it is used on other platforms such as Mac, Office on Android/iOS or office on the web.
We’re resuming the rollout of this change in the current channel. Based on our review of customer feedback, we’ve updated both our end-user and IT admin documentation to make it clearer what your options are for different scenarios. For example what to do if you have files on SharePoint or files on a network share. Please note the following documentation:
• For end users, A potentially dangerous macro has been blocked
If you have ever enabled or disabled the Block macros from running in Office files from the Internet Policy, your organization is not affected by this change.
While some people use the scripts to automate tasks, for years hackers have abused the feature with malicious macros, tricking people into downloading and running a file to compromise their systems. Microsoft noted how administrators could use group policy settings in Office 2016 to block macros in their organization’s systems. Still, not everyone turned it on and attacks continued, allowing hackers to steal data or spread ransomware.
Users who try to open files and get blocked will get a popup Submit them to this page, and explains why you probably don’t need to open this document. It starts by going through several scenarios where someone might try to trick you into running malware. If they really need to see what’s in the downloaded file, ways to access it are explained, all more complicated than before where users could normally enable macros by pressing a button in the warning banner.
This change might not always stop someone from opening a malicious file, but it does provide several more layers of warning before they can get there, while still providing access for those people who say they absolutely need it.