Microsoft rescinded its decision to block Office macros by default until further notice, the company said, attributing the change to user feedback.
Earlier this year, Microsoft said it would take steps to block Office VBA macros by default as a security measure against malware attacks. The company is expected to release an official statement regarding its decision to revoke VBA macros embedded in Access, Excel, Visio, PowerPoint and Word documents.
Microsoft disclosed its decision on Thursday to administrators through the Microsoft 365 message center (MC393185 or MC322553), as Bleeping Computer reports.
“Based on feedback, we’re rolling back this change from Current Channel,” the notification reads. “We appreciate the feedback we’ve received so far, and we’re working to make improvements in this experience. We’ll provide another update when we’re ready to release again to Current Channel. Thank you.”
Blocking Visual Basic for Applications (VBA) macros in Office documents was a welcome move. Macros embedded in Office documents are still a significant vector in phishing attacks such as Dridex, Emotet, Qbot and TrickBot.
Restricting VBA Office macros by default is not a silver bullet against attacks that leverage them to compromise systems, but it could put a dent in perpetrators’ attempts to trick unsuspecting victims. Autoblocking VBA macros prompted users with a Security Risk message.
The prompt displayed an URL to an article with additional information about the risks of malicious Office macros and instructions on how to enable them if necessary.
Microsoft product users noticed the Current Channel modification on Wednesday when downloaded Office documents with embedded macros displayed the old “Enable Content” or “Enable Editing” buttons at the top.
While the company left out the specific reason for its macro restriction rollback, users unable to unblock documents by removing their Mark-of-the-Web attribute likely played a considerable role.