This week Microsoft began rolling out an update to Microsoft Office that blocks the use of VBA macros on downloaded documents, after a bit of back and forth since the change was originally announced.
Microsoft rolled back the update temporarily while it made some additional changes to enhance the user experience. Many experts were concerned that Microsoft might not change the default setting and leave systems vulnerable to attacks. The leader of the Threat Analysis Group said blocking Office macros would do more to defend against real threats.
With the new default setting rolling out, users and administrators will be aware of what options they have when trying to open a file. The block only applies if Windows, using the NTFS file system, has marked the file as downloaded from the internet rather than from a network drive or site that admins have marked as safe, and nothing changes on other platforms.
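The download marker described above is stored by Windows in an NTFS alternate data stream named `Zone.Identifier`. The following is an added example, not code from the article or from Microsoft, showing how a defender could read and triage that marker. The function names, the sample data and the choice to treat zones 3 and 4 as "from the internet" are assumptions of the example.

```python
import configparser

# Windows URL security zones, as numbered in the Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
UNTRUSTED = {3, 4}  # assumption of this example: these count as "from the internet"

def read_marker(path):
    """Return the marker stream text of a file on NTFS, or None if it has none."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:  # no such stream, or not running on Windows/NTFS
        return None

def parse_zone_id(stream_text):
    """Return the integer ZoneId, or None when the stream is malformed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def classify(stream_text):
    """Map marker text to a triage status for a macro-enabled document."""
    if stream_text is None:
        return "no-marker"
    zone = parse_zone_id(stream_text)
    if zone not in ZONES:
        return "malformed-marker"
    return "internet-marked" if zone in UNTRUSTED else "other-zone"

# Constructed sample data: file name -> marker stream text (None = no stream).
SAMPLES = {
    "invoice.docm": "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://downloads.example/a%20b.docm\r\n",
    "budget.xlsm": "[ZoneTransfer]\r\nZoneId=1\r\n",
    "template.dotm": None,
    "report.xlsm": "ZoneId=3\r\n",  # section header missing
}

def audit(samples):
    """Classify every sample; returns {file name: status}."""
    return {name: classify(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{status:17} {name}")
```

On a Windows machine, `classify(read_marker(path))` gives the same status for a real file. The marker is only one input to Office's decision; policy and trusted locations are not modelled here.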
Microsoft:
We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share. Please refer to the following documentation:
• For end users, A potentially dangerous macro has been blocked
• For IT admins, Macros from the internet will be blocked by default in Office
If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change.
While some people use the scripts to automate tasks, hackers have abused the feature with malicious macros for years, tricking people into downloading a file and running it to compromise their systems. Group Policy settings in Office 2016 can be used to block macros. Not everyone turned that setting on, however, and the attacks continued.
Users who are blocked from opening files will get a pop-up telling them why they shouldn't open that document. It runs through a number of scenarios where someone could try to trick them. If they really need to see what is inside the downloaded file, it goes on to explain how to get access, which is more complicated than before, when users could usually enable macros by pressing one button.
This change may not always stop someone from opening a malicious file, but it does put several more layers of warnings in the way before they can get there, while still giving access to the people who say they need it.