Microsoft is finally planning to block Visual Basic for Applications (VBA) macros by default in a variety of Office apps. The change will apply to Office files that are downloaded from the internet and include macros, so Office users will no longer be able to enable certain content with a simple click of a button.
Microsoft to block Office VBA macros by default
A default change to help improve security
A default change to help improve security
Image by Alex Castro / The Verge
is a senior editor and author of Notepad, who has been covering all things Microsoft, PC, and tech for over 20 years.
βThe default is more secure and is expected to keep more users safe including home users and information workers in managed organizations,β explains Kellie Eickmeyer, a principal PM at Microsoft.
Macros can be a security headache for IT admins
Hackers have been targeting Office documents with malicious macros for years, and while Office has long prompted users to click to enable macros running, this simple button could lead to βsevere including malware, compromised identity, data loss, and remote access.β Instead of a button, a security risk banner will appear with a link to a Microsoft support article, but no easy way to enable macros.
Microsoft is planning to preview the change with its Current Channel (Preview) users in early April, before rolling out to its regular Microsoft 365 customers. The change to block VBA macros from the web will affect Access, Excel, PowerPoint, Visio, and Word on Windows. Microsoft also plans to update Office LTSC, Office 2021, Office 2019, Office 2016, and even Office 2013 to block internet VBA macros.
This is a big change that could impact a lot of genuine use cases for VBA macros, and it means that Office users will only be able to enable the macros by specifically ticking an unblock option on the properties of a file. Thatβs a lot more steps than usual, and ones that Microsoft is hoping will help prevent security issues in the future.
βMacros account for about 25 percent of all ransomware entry,β explains security researcher and former Microsoft employee Kevin Beaumont. βKeep derisking macros and macro functions. Itβs really important. Thank you all the people behind the scenes doing this.β Marcus Hutchins, a security researcher best known for halting the global WannaCry malware attack, also celebrated Microsoftβs changes but noted the company has βdecided to do the bare minimumβ after years of malware infections.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
Most Popular
Most Popular
- Microsoftβs PowerToys are about to add two big missing Windows features
- The Browser Company, maker of Arc and Dia, is being acquired
- The UKβs largest energy supplier has created its own EV charger
- More Pixel phones are getting Googleβs new look for Android
- Remarkableβs new digital notepad is smaller than a paperback
