Microsoft is (finally) taking steps to block malicious macros contained in Microsoft Office files. As one of the primary sources for malware and ransomware to enter someone's system, the move has been called for... well, for a very long time in the security world.
The move should help to curtail rampant ransomware campaigns from spreading while making it just a little more difficult for everyday users to accidentally download something malicious and run it without realizing what might happen next.
Microsoft to Block Macros From Running Automatically
In a recent Microsoft Tech Community blog post, the company confirmed that the default behavior for Office apps that can run macros will change, blocking macros downloaded from the internet from running automatically.
For macros in files obtained from the internet, users will no longer be able to enable content with a click of a button. A message bar will appear for users notifying them with a button to learn more. The default is more secure and is expected to keep more users safe including home users and information workers in managed organizations.
The changes affect Access, Excel, PowerPoint, Visio, and Word, and will begin rolling out to Current Channel (Preview) users with Microsoft Office Version 2203, scheduled for April 2022. The macros update will then make its way to other Microsoft Office update channels, including Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel.
How Microsoft Blocking Macros by Default Will Boost User Safety
First, consider what a macro is and how a malicious macro is dangerous.
A macro, short for macroinstruction, is a rule that translates a specific sequence of input into a suitable output. Think of it like a shortcut that your computer takes to run simple and relatively predictable tasks faster and more efficiently. Macros can be anything from mouse movement and keyboard strokes to direct commands.
So, when paired with malicious intention, the automated set of instructions can be used to download and install malware on your computer. Attackers rely on the fact that you might enable a malicious macro without realizing, running their program and granting them access to your hardware.
You may have already encountered the existing Microsoft Office macros warning. It triggers if you attempt to open a file from outside a Trusted Location and that isn't digitally signed (i.e., from a trusted source). Now, the new Microsoft Office macro block will add another warning and advise the user that a macro contained within the document is blocked from running "because the source of this file is untrusted."
Always Double-Check Your Downloads Before Opening Them
We've all been there; downloading a file in a hurry, opening it without thinking. Thankfully, Microsoft knows that mistakes happen and is taking steps to protect your data and hardware from macro viruses and malware. As above, the Microsoft Office macro blocking update will begin rolling out in April 2022. All you have to do is install it when it arrives.