Microsoft reverses its plan to disable Office macros by default | CyberNcrypt

Microsoft said earlier this year that it will prohibit VBA macros on downloaded documents by default. However, Redmond announced on Thursday that this move would be reversed till further notice due to “feedback.”

In addition to failing to provide an explanation for this move, the business has yet to warn consumers publicly that VBA macros hidden in malicious Office documents would no longer be automatically stopped in Access, Excel, PowerPoint, Visio, and Word.

As previously reported by BleepingComputer, the modification started rolling out in Version 2203 beginning with Current Channel (Preview) in early April 2022, with broad availability expected in June 2022.

This was a welcome and much-anticipated improvement, considering that VBA macros are often used to distribute a variety of malware strains (such as Emotet, TrickBot, Qbot, and Dridex) through phishing assaults using malicious Office document attachments.

With VBA macros disabled by default, it was anticipated that malware-delivering assaults (such as information-stealing trojans and harmful tools used by ransomware gangs) would be automatically stopped.

On systems where VBA macros autoblocking is enabled, users get the security notice “SECURITY RISK: Microsoft has blocked macros from running because the source of this file is untrusted”.

If the warning is clicked, the user is sent to a page with information regarding the security risks associated with threat actors’ use of Office macros and steps for activating them if absolutely required.