Microsoft closes off two avenues of attack: Office macros, RDP brute-forcing
Microsoft is shutting the door on a couple of routes cybercriminals have used to attack users and networks.
The issue of macros has become a particularly gnarly one for the software giant.
"For years Microsoft Office has shipped powerful automation capabilities called active content, the most common kind are macros," Kellie Eickmeyer, a principal product manager at Microsoft, wrote in a blog post in February, when the IT titan announced its plans to block macros obtained from the internet from running in Office by default.
"While we provided a notification bar to warn users about these macros, users could still decide to enable the macros by clicking a button. Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access."
The policy was to block these particular macros by default in Access, Excel, PowerPoint, Visio, and Word, though after a few months of feedback from users, some of it negative, Microsoft put a temporary halt on the initiative.
Macros have been a security problem for years, with Microsoft in 2016 releasing a tool that allowed administrators to set policy around when and where these scripts were allowed to run.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/22/microsoft-windows-vba-macros/