Microsoft is finally cracking down on Office macros, an automation feature that hackers have been exploiting for years to spread malware.
The company announced today that it will block Visual Basic for Applications (VBA) macros contained in files retrieved from the internet by default. The change will start rolling out in early April across five Office apps for Windows devices: Access, Excel, PowerPoint, Visio, and Word.
Macros have long been used to deliver malicious files on Windows computers. A normal macro can let you automate a series of tasks with a single command. But in the wrong hands, a malicious macro can be rigged to automate a Windows computer into downloading malware.
As a result, hackers have favored macros in phishing email attacks involving Office documents. Those who open the documents and run the macro will unknowingly download malware onto their computers, which can also pave the way for ransomware packages.
Microsoft is well aware of the threat, but has left it up to IT administrators to determine how aggressive to get with macro-blocking. Microsoft also added a warning bar when opening Office documents containing macros. But users could be easily tricked into bypassing it with a single click.
On Tuesday, Microsoft signaled the safeguards haven’t been enough to stop hackers. “For the protection of our customers, we need to make it more difficult to enable macros in files obtained from the internet,” the company wrote in a blog post.
“For macros in files obtained from the internet, users will no longer be able to enable content with a click of a button,” Microsoft added. “A message bar will appear for users notifying them with a button to learn more. The default is more secure and is expected to keep more
Read more on pcmag.com