Microsoft has confirmed that it will soon start blocking Visual Basic Applications (VBA) macros in Office apps by default after quietly rolling back the change earlier this month.
According to the new update by the company, blocking of Office macros by default will start from July 27. This comes shortly after the technology giant halted the rollout of the macros-blocking feature citing unspecified “user feedback.” It’s thought the initial rollout, which kicked off at the beginning of June, caused issues for organizations using macros to automate routine processes, such as data collection or running certain tasks.
It was gathered that Microsoft paused the rollout while it “makes some additional changes to enhance usability”. The company has since updated its documentation with step-by-step instructions for end users and IT admins explaining how Office determines whether to block or run macros, which Office versions are affected by the new rules, and how to allow VBA macros in trusted files, and how to prepare for the change.
It announced its plans to disable macros by default back in February to stop threat actors from abusing the feature to deliver malware via email attachments. “VBA macros are a common way for malicious actors to gain access to deploy malware and ransomware,” the company said. “Therefore, to help improve security in Office, we’re changing the default behavior of Office applications to block macros in files from the internet.”
The cybersecurity industry applauded the move to block macros — and it appeared to be working until Microsoft’s reversal last month. ESET, for example, observed a recent Emotet test campaign that showed threat actors were already moving away from macro-based attacks in response to the change, instead replacing Microsoft Word documents with a shortcut file as the malicious attachment.
Microsoft’s macro-blocking feature will soon start rolling out to Access, Excel, PowerPoint, Visio and Word on Windows. The change won’t affect Office for Mac, Android or iOS devices.