Security News > 2022 > July > That didn’t last! Microsoft turns off the Office security it just turned on

It's demanding a return to the freewheeling days of the last millennium, when Office macro viruses didn't face the trials and tribulations that they do today.

Worst of all, perhaps, an infected document could implant macros into the global template, thus infecting the computer, and the same macros could copy themselves back out again.

Although this helped to kill off self-spreading macro viruses, it didn't prevent macro malware in general.

Administrators can block macros altogether in Office files that came from outside the network, so that users can't click to allow macros to run in files received via email or downloaded the web, even if they want to.

At last, in February 2022, Microsoft announced, to sighs of collective relief from the cybersecurity community, that it was planning to turn on the "Inhibit macros in documents that arrived from the internet" by default, for everyone, all the time.

Regardless of the default setting, customers can block internet macros through the Group Policy settings described in the article Block macros from running in Office files from the Internet.

News URL

https://nakedsecurity.sophos.com/2022/07/11/that-didnt-last-microsoft-turns-off-the-office-security-it-just-turned-on/