Microsoft closes off two avenues of attack: Office macros, RDP brute-forcing
Microsoft is shutting the door on a couple of routes cybercriminals have used to attack users and networks.
The issue of macros has become a particularly gnarly one for the software giant.
"For years Microsoft Office has shipped powerful automation capabilities called active content, the most common kind are macros," Kellie Eickmeyer, a principal product manager at Microsoft, wrote in a blog post in February, when the IT titan announced its plans to block macros taken from the internet from running in Office by default.
"While we provided a notification bar to warn users about these macros, users could still decide to enable the macros by clicking a button. Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access."
The policy was to block these particular macros by default in Access, Excel, PowerPoint, Visio, and Word, though after a few months of feedback from users, some of it negative, Microsoft put a temporary halt on the initiative.
Macros have been a security problem for years, with Microsoft in 2016 releasing a tool that allowed administrators to set policy around when and where these scripts were allowed to run.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/22/microsoft-windows-vba-macros/