After some block and forth, Microsoft stops Office macros by default

The block is back.

Microsoft has disabled by default the oft-helpful, oft-malwared shortcuts known as macros. And it got confusing for a second. In February, Microsoft announced a block, then a rollback, then a clarification that the rollback was temporary, and now, finally, a rollout.

“To help improve security in Office, we’re changing the default behavior of Office applications to block macros in files from the internet,” according to a July 20 post from Microsoft.

Yay, macros! A macro is a small program or script, written in Visual Basic for Applications (VBA) and built to automate tasks in Office that would normally be done manually. With a macro, users can one-click their way through a number of efforts, like removing text wrap from an entire Excel spreadsheet, unmerging all merged cells, or saving a workbook with a time stamp in the name.

Nay, macros! Though macros can save time, they can also provide shortcuts for malware installation.

A Q1 2022 threat report from the managed detection and response provider Expel found that “threat actors used macro-enabled Word documents and zipped JavaScript files as the initial attack vector in 82% of all pre-ransomware incidents.” A February 2022 post from the software company Netskope revealed that 31% of all malware downloads blocked by the company were malicious Office files.

Now, according to the July 20 Microsoft post, macros from the internet will be blocked by default in Office, and when a reader opens a macro file, a security-risk warning will be displayed. While users are able to override the feature and enable macros if needed, the preselected setting is a step in the right direction, according to Roman Shain, information technology specialist at Nero Consulting.

“Microsoft is kind of helping everyone out in a way by saying, ‘Hey, look twice before crossing the street.’” Shain told IT Brew.

Hot this week

The Myth of Perfect Security

Perfect security is a myth, and focusing on resilience rather than prevention can better protect your organization from inevitable breaches.

Why Traditional Passwords Are Failing Us

Password fatigue from complex rules often causes more security breaches than weak passwords, requiring a shift toward user-friendly tools and behaviors.

Why Your Employees Are Your Best Security Defense

Empowering employees with security awareness training often provides better protection than stacking more technology, turning human factors from a weakness into your strongest defense.

Why Most Security Awareness Training Fails and What to Do About It

Security awareness training often fails because it focuses on knowledge rather than behavior, but shifting to a behavior-based approach can lead to better outcomes and fewer incidents.

The Myth of Multifactor Authentication Security

Multifactor authentication enhances security but is not foolproof, as it can be bypassed through social engineering and technical exploits. Understanding its limitations and adopting stronger methods is essential for effective protection.

Topics

The Myth of Perfect Security

Perfect security is a myth, and focusing on resilience rather than prevention can better protect your organization from inevitable breaches.

Why Traditional Passwords Are Failing Us

Password fatigue from complex rules often causes more security breaches than weak passwords, requiring a shift toward user-friendly tools and behaviors.

Why Your Employees Are Your Best Security Defense

Empowering employees with security awareness training often provides better protection than stacking more technology, turning human factors from a weakness into your strongest defense.

Why Most Security Awareness Training Fails and What to Do About It

Security awareness training often fails because it focuses on knowledge rather than behavior, but shifting to a behavior-based approach can lead to better outcomes and fewer incidents.

The Myth of Multifactor Authentication Security

Multifactor authentication enhances security but is not foolproof, as it can be bypassed through social engineering and technical exploits. Understanding its limitations and adopting stronger methods is essential for effective protection.

Why MFA Is Not Enough Anymore

Multi-factor authentication is no longer a silver bullet for security as attackers develop new bypass methods, requiring a layered defense approach with phishing-resistant tools and continuous monitoring.

Why Phishing Still Works and What to Do About It

Phishing remains a top threat because it exploits human psychology, not just technical gaps. Shifting focus to employee awareness and habits can build stronger defenses than relying solely on technology.

Rethinking Password Security

Complex password rules often increase risk by encouraging poor habits. Learn how password managers and multi-factor authentication offer more practical protection for organizations of all sizes.
spot_img

Related Articles

Popular Categories