The change will roll out to all Microsoft 365 customers and the OS maker said it also plans to backport the change to other Office versions, such as Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013. “Later, the change will be available in the other update channels, such as Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel.” “The change will begin rolling out in Version 2203, starting with Current Channel (Preview) in early April 2022,” Microsoft said today.
Documents that contain VBA macros that have been created and obtained from inside an organization’s trusted network will still be allowed to execute. Microsoft said the decision to block VBA macros by default only affects Access, Excel, PowerPoint, Visio, and Word on Windows. While users with some technical and cybersecurity knowledge may be able to recognize this as a lure to get infected with malware, many day-to-day Office users are still unaware of this technique and end up following the provided instructions, effectively infecting themselves with malware. When they open the file, the attacker typically leaves a message instructing the user to enable the execution of the macro script. In these attacks, users typically receive a document via email or which they are instructed to download from an internet website. The change, which security researchers have been requesting for years, is expected to put a serious roadblock for malware gangs, which have relied on tricking users into enabling the execution of a macro script as a way to install malware on their systems. Starting with early April 2022, Access, Excel, PowerPoint, Visio, and Word users will not be able to enable macro scripts inside untrusted documents that they downloaded from the internet.
In one of the most impactful changes made in recent years, Microsoft has announced today that it will block by default the execution of VBA macro scripts inside five Office applications.
Microsoft to block internet macros by default in five Office applications
0 kommentar(er)
