Microsoft yesterday announced that it will disable Visual Basic for Applications (VBA) macros by default in numerous products, mainly from the Office suite, to curb attacks through this vector.
Products affected by this decision include Excel, PowerPoint, Word, Visio and Access. The company’s decision doesn’t mean that macros will be unusable, but opening them in Office documents will come with a warning.
Threat actors often use macros in Office files to deliver malicious payloads by tricking unsuspecting victims into opening the documents and enabling the active content. While macros are not always bad, they should be handled with caution, particularly when the origin of the file is not known.
Upon downloading or opening an attachment or Office file containing macros, the app prompts the user with a security risk banner that reads: “Microsoft has blocked macros from running because the source of the file is untrusted.”
However, users can still unblock macros easily by accessing the file’s properties (Right-click -> Properties) and checking “Unblock” in the General tab.
Until now, Microsoft has warned users about enabling macro content in their files by flashing a security warning banner at the top of the document. However, users could allow macro content by clicking the “Enable Content” button contained by the same banner.
The change will only affect users running Office on Windows devices and “will begin rolling out in Version 2203, starting with Current Channel (Preview) in early April 2022,” according to Microsoft’s announcement.
Microsoft also listed a series of recommendations for users who encounter the macro restrictions:
- Never open file attachments you weren’t expecting, even if it seems to come from someone trusted
- Don’t fall for pretenses such as having to enable macros to cancel orders or read legal documents
- Don’t listen to pop-up messages or other forms of “encouragement” telling you to allow active content (for instance, letting you know that you’ve won a prize)
All things considered, if you downloaded a file with macros from the Internet and you’re unsure about the purpose of those macros, delete the file as soon as possible.