Security Experts:

Microsoft Confirms Temporary Rollback of Macro Blocking Feature

Microsoft has confirmed that the recent rollback of a feature related to the blocking of internet macros in its Office suite is only temporary.

Since 2016, Office has been blocking macros in documents arriving from the Internet, displaying a yellow warning to the user, informing them that editing has been disabled and allowing them to enable editing – and thus macros – with a single click.

In January 2022, Microsoft announced that Excel 4.0 (XLM) macros would be restricted by default, and in February the tech giant changed the default Office behavior regarding macros: in documents arriving from the internet, users could no longer enable macros with a single click.

Specifically, Microsoft replaced the yellow notification with a new one to inform users that Visual Basic for Applications (VBA) macros in the document had been blocked. The notification also featured a “Learn more” button leading to an article containing information on the risks associated with macros.

Instead of allowing users to immediately enable macros, the article would explain that the Mark of the Web (MOTW) on documents arriving from the internet could be removed once the document was saved to a trusted location.

While the new default behavior was meant to prevent users from enabling potentially dangerous macros, Microsoft rolled back the change recently, to “improve user experience.”

An administrator working on a guideline for their employees noticed that Office was no longer displaying the new alert and commented on Microsoft’s February announcement to ask about the rollback.

As it turns out, Microsoft indeed had decided to roll back the feature, but said nothing about it, thus creating confusion.

“Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users,” Microsoft notes in an update to the February announcement.

Administrators can still enable specific Group Policy settings to block macros in Office documents that arrive from the internet, the tech giant notes.

Microsoft wasn’t clear on when the new default will return to Office. The change affects Access, Excel, PowerPoint, Visio, and Word applications.

Related: Microsoft Ups Office Protections With Improved Blocking of Macros

Related: Researcher Details Sophisticated macOS Attack via Office Document Macros

Related: ZLoader Adopts New Macro-Related Delivery Technique in Recent Attacks

view counter