Microsoft upgrades Office security by blocking VBA macros by default

Microsoft upgrades Office security by blocking VBA macros by default

There’s been some back and forth since the change was originally announced, but this week Microsoft began rolling out an update to Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros on downloaded documents.

Last month, Microsoft was testing the new default setting when it suddenly rolled back the update, “temporarily while we make some additional changes to improve usability.” Despite saying it was temporary, many experts were concerned that Microsoft might not go through with changing the default setting, leaving systems vulnerable to attack. Head of Google’s threat analysis group, Shane Huntley tweeted“Blocking Office macros will do infinitely more to actually defend against real threats than all the threat intelligence blog posts.”

Now the new default is rolling out, but with updated language to notify users and administrators of their options when they try to open a file and it’s blocked. This only applies if Windows, using the NTFS file system, notes what was downloaded from the Internet and not a network drive or website that administrators have marked as safe, and it does not change anything on other platforms such as Mac, Office on Android / iOS or Office online.


We are resuming the rollout of this change in the current channel. Based on our review of customer feedback, we’ve made updates to both the end-user and IT administrator documentation to make it clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share. Please refer to the following documentation:

• For end users, a potentially dangerous macro has been blocked

• For IT administrators, macros from the internet will be blocked by default in Office

If you have ever enabled or disabled the block macros from running in Office files from the Internet policy, your organization will not be affected by this change.

While some use the scripts to automate tasks, hackers have been abusing the feature with malicious macros for years, tricking people into downloading a file and running it to compromise their systems. Microsoft noted how administrators could use Group Policy settings in Office 2016 to block macros across their organization’s systems. Still, not everyone turned it on, and attacks continued, allowing hackers to steal data or distribute ransomware.

Users who try to open files and get blocked will get a popup that sends them to this page, explaining why they probably don’t need to open that document. It starts by running through several scenarios where someone might try to trick them into executing malware. If they really need to see what’s inside the downloaded file, it goes on to explain ways to access it, all of which are more complicated than what happened before, where users could usually activate macros by pressing one button in the warning banner.

This change may not always stop someone from opening a malicious file, but it adds more layers of warning before they can get there, while giving access to people who say they absolutely need it.

Leave a Reply

Your email address will not be published.