Security News > 2022 > July > That didn’t last! Microsoft turns off the Office security it just turned on
It's demanding a return to the freewheeling days of the last millennium, when Office macro viruses didn't face the trials and tribulations that they do today.
Worst of all, perhaps, an infected document could implant macros into the global template, thus infecting the computer, and the same macros could copy themselves back out again.
Although this helped to kill off self-spreading macro viruses, it didn't prevent macro malware in general.
Administrators can block macros altogether in Office files that came from outside the network, so that users can't click to allow macros to run in files received via email or downloaded the web, even if they want to.
At last, in February 2022, Microsoft announced, to sighs of collective relief from the cybersecurity community, that it was planning to turn on the "Inhibit macros in documents that arrived from the internet" by default, for everyone, all the time.
Regardless of the default setting, customers can block internet macros through the Group Policy settings described in the article Block macros from running in Office files from the Internet.
News URL
Related news
- Microsoft and Security Incentives (source)
- Microsoft releases Exchange hotfixes for security update issues (source)
- Microsoft pulls fix for Outlook bug behind ICS security alerts (source)
- Microsoft cannot keep its own security in order, so what hope for its add-ons customers? (source)
- BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023 (source)
- Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw (source)
- Microsoft's Brad Smith summoned by Homeland Security committee over 'cascade' of infosec failures (source)
- Google takes shots at Microsoft for shoddy security record with enterprise apps (source)
- Pirated Microsoft Office delivers malware cocktail on systems (source)
- Azure Service Tags tagged as security risk, Microsoft disagrees (source)