Security News > 2022 > February > Microsoft Disables Internet Macros in Office Apps by Default to Block Malware Attacks
Microsoft on Monday said it's taking steps to disable Visual Basic for Applications macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector.
"Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access," Kellie Eickmeyer said in a post announcing the move.
While the company does warn users about permitting macros in Office files, unsuspecting users - e.g., recipients of phishing emails - can still be lured into enabling the feature, effectively granting the attackers the ability to gain an initial foothold into the system.
As part of the new change, when a user opens an attachment or downloads from the internet an untrusted Office file containing macros, the app displays a security risk banner stating, "Microsoft has blocked macros from running because the source of the file is untrusted."
"If a downloaded file from the internet wants you to allow macros, and you're not certain what those macros do, you should probably just delete that file," Microsoft cautions, outlining the security risk of bad actors using macros.
The updates are expected to be applied to Microsoft 365 users in April 2022, with plans to backport the feature to Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013 at a "Future date."
News URL
https://thehackernews.com/2022/02/microsoft-disables-internet-macros-in.html
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)