Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback.
Earlier this February,
Microsoft publicized its plans to disable macros by default in Business office purposes such as Accessibility, Excel, PowerPoint, Visio, and Word as a way to protect against risk actors.
It’s a known fact that a majority of the damaging cyberattacks today leverage email-based phishing lures to spread bogus.
“Macros can add a lot of functionality to Office, but they are often used by people with bad intentions to distribute malware to unsuspecting victims,” the company notes in its documentation.
By disabling the option by default for any Workplace file downloaded from the internet or been given as an email attachment, the concept is to get rid of an whole course of attack vectors and disrupt the activities of malware these kinds of as Emotet, IcedID, Qakbot, and Bumblebee.
However, Microsoft backtracked on the change in the first week of July, telling The Hacker News that it’s pausing the rollout of the feature to make additional usability improvements.
“Detection of malware in OpenDocument data files is very weak,” security researcher Patrick Schläpfer explained. “The structure of OpenDocument data files is not as effectively analyzed by antivirus scanners or as routinely employed in malware strategies.”