|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
I’m guessing that big businesses pushed back on this. But Microsoft? Don’t give up on making this default. We need macros to be off by default and let
[See the full post at: Dear Microsoft, don’t give up on this please!]
Susan Bradley Patch Lady/Prudent patcher
Ian McShane, VP of Strategy at Arctic Wolf
It’s unfortunate and disappointing that Microsoft is walking back their security by default initiative around office macros. Disabling office macros by default would have been a huge step forward for securing one of the most tried and tested attack paths, since malware like Quakbot and Emotet are distributed through these kinds of malicious docs, wreaking havoc on organizations worldwide. Whether this was rolled back due to technical concerns or customer feedback, office users are less secure today than they were last week; security teams need to be on high alert, and re-remind users about the risks of active content in office docs. While I was surprised to hear that there were plans to address it with a default macro disable, I’m even more surprised that those plans are being backpedaled.
Overall, the question of usability vs. security is a huge problem to solve, but the user hurdle of disabled macros is a far smaller price to pay than picking up the pieces of a successful Emotet attack. This attack path has been a well-known problem for decades and unfortunately, the approach to mitigating the risk of macros has always been on the end user, rather than fix at the source. I would be prepared for a spike in macro based cyber attacks, now that this attack path has been made easier again.
Susan Bradley Patch Lady/Prudent patcher
One should not blog while upset.
Susan Bradley Patch Lady/Prudent patcher
If they remove the mark of the web that should help as well. Anytime you have an Excel file that you want to use, you’ve vetted and that you want to trust, you should go into properties of the file and ensure it doesn’t have “mark of the web”.
Susan Bradley Patch Lady/Prudent patcher
If they remove the mark of the web that should help as well..
Hi Susan:
I’m a bit confused by the instructions in the Microsoft Docs article Macros From the Internet Will be Blocked by Default in Office. The “Prepare for Change” section at the top of that article says “Have users clear the Unblock checkbox on the General tab of the Properties dialog for the file to make it a Trusted Document (which sounds to me like they should uncheck / disable that Unblock checkbox) …
…but the Mark of the Web and Trusted Documents section of that same Microsoft Docs article says that users should “select Unblock, which will remove Mark of the Web from the file and allow the macros to run, as long as no policy or Trust Center setting is blocking.”
A few users posting in Amit Rakibe’s Microsoft Has Blocked Macros From Running Because the Source is Untrusted thread in the MS Answers forum said they checked / enabled that Unblock check box and still couldn’t open Excel files that contained VBA macros, even after they re-mapped their network drive (file server) and added the share to the Trusted Locations in Excel.
I know a bit about Windows server administration but I’ve never worked as a system admin and I’m not personally affected by this problem on my home computer. However, after reading the comments in Amit Rakibe’s thread it sounds like Microsoft didn’t anticipate how much difficulty some users would have trusting Excel workbooks containing VBA macros once this policy change went live. It’s unfortunate, but I can see why Microsoft decided to temporarily roll back this change.
—————
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1766 * Firefox v102.0.1 * Microsoft Defender v4.18.2205.7-1.1.19300.2 * Malwarebytes Premium v4.5.10.200-1.0.1709 * MS Office 2019 Home and Business Version 2206 (Build 15330.20230 Click-to-Run)
Hi Susan:
I’m a bit confused by the instructions in the Microsoft Docs article Macros From the Internet Will be Blocked by Default in Office. The “Prepare for Change” section at the top of that article says “Have users clear the Unblock checkbox on the General tab of the Properties dialog for the file to make it a Trusted Document (which sounds to me like they should uncheck / disable that Unblock checkbox) …
That section has now been corrected by Microsoft, replacing “clear” with “select” (after I added a comment to that page about the error):
Have users select the Unblock checkbox on the General tab of the Properties dialog for the file to make it a Trusted Document.
Macros from the internet will be blocked by default in Office
Updated documentation : Macros from the internet will be blocked by default in Office
Current Channel — Version 2206
Begin rolling out on July 27, 2022
FYI
Bleeping Computer – Microsoft resumes default blocking of Office macros after updating docs
———————————————————–
https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-default-blocking-of-office-macros-after-updating-docs/
“Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback.
The change comes after the company improved its user and admin support documentation to make it easier to understand the available options when a macro is blocked.”
HTH.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
