Security News > 2022 > July > That didn’t last! Microsoft turns off the Office security it just turned on
It's demanding a return to the freewheeling days of the last millennium, when Office macro viruses didn't face the trials and tribulations that they do today.
Worst of all, perhaps, an infected document could implant macros into the global template, thus infecting the computer, and the same macros could copy themselves back out again.
Although this helped to kill off self-spreading macro viruses, it didn't prevent macro malware in general.
Administrators can block macros altogether in Office files that came from outside the network, so that users can't click to allow macros to run in files received via email or downloaded the web, even if they want to.
At last, in February 2022, Microsoft announced, to sighs of collective relief from the cybersecurity community, that it was planning to turn on the "Inhibit macros in documents that arrived from the internet" by default, for everyone, all the time.
Regardless of the default setting, customers can block internet macros through the Group Policy settings described in the article Block macros from running in Office files from the Internet.
News URL
Related news
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)
- Microsoft announces new and improved Windows 11 security features (source)
- Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Microsoft fixes bug behind random Office 365 deactivation errors (source)