Microsoft closes off two avenues of attack: Office macros, RDP brute-forcing

Microsoft is shutting the door on a couple of routes cybercriminals have used to attack users and networks.
The issue of macros has become a particularly gnarly one for the software giant.
"For years Microsoft Office has shipped powerful automation capabilities called active content, the most common kind are macros," Kellie Eickmeyer, a principal product manager at Microsoft, wrote in a blog post in February when the IT titan announced its plans to block by default macros taken from the internet from running in Office.
"While we provided a notification bar to warn users about these macros, users could still decide to enable the macros by clicking a button. Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access."
The policy was to block these particular macros by default in Access, Excel, PowerPoint, Visio, and Word, though after a few months of feedback from users, at times negative, Microsoft put a temporary halt on the initiative.
Macros have been a security problem for years, with Microsoft in 2016 releasing a tool that allowed administrators to set policy around when and where these scripts were allowed to run.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/22/microsoft-windows-vba-macros/