Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Microsoft Confirms Temporary Rollback of Macro Blocking Feature

Microsoft has confirmed that the recent rollback of a feature related to the blocking of internet macros in its Office suite is only temporary.

Microsoft has confirmed that the recent rollback of a feature related to the blocking of internet macros in its Office suite is only temporary.

Since 2016, Office has been blocking macros in documents arriving from the Internet, displaying a yellow warning to the user, informing them that editing has been disabled and allowing them to enable editing – and thus macros – with a single click.

In January 2022, Microsoft announced that Excel 4.0 (XLM) macros would be restricted by default, and in February the tech giant changed the default Office behavior regarding macros: in documents arriving from the internet, users could no longer enable macros with a single click.

Specifically, Microsoft replaced the yellow notification with a new one to inform users that Visual Basic for Applications (VBA) macros in the document had been blocked. The notification also featured a “Learn more” button leading to an article containing information on the risks associated with macros.

Instead of allowing users to immediately enable macros, the article would explain that the Mark of the Web (MOTW) on documents arriving from the internet could be removed once the document was saved to a trusted location.

While the new default behavior was meant to prevent users from enabling potentially dangerous macros, Microsoft rolled back the change recently, to “improve user experience.”

An administrator working on a guideline for their employees noticed that Office was no longer displaying the new alert and commented on Microsoft’s February announcement to ask about the rollback.

As it turns out, Microsoft indeed had decided to roll back the feature, but said nothing about it, thus creating confusion.

Advertisement. Scroll to continue reading.

“Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users,” Microsoft notes in an update to the February announcement.

Administrators can still enable specific Group Policy settings to block macros in Office documents that arrive from the internet, the tech giant notes.

Microsoft wasn’t clear on when the new default will return to Office. The change affects Access, Excel, PowerPoint, Visio, and Word applications.

Related: Microsoft Ups Office Protections With Improved Blocking of Macros

Related: Researcher Details Sophisticated macOS Attack via Office Document Macros

Related: ZLoader Adopts New Macro-Related Delivery Technique in Recent Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

Adam Zoller has joined CrowdStrike as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.