Sign In

Communications of the ACM

ACM News

Microsoft to (Finally) Block Macros to Stop Malware

View as: Print Mobile App Share:

VBA macros are powerful automation tools that can add functionality to Microsoft Office, but hacking groups often abuse them to distribute harmful payloads like ransomware to unsuspecting users.


Microsoft has announced that it will begin blocking Visual Basic for Applications (VBA) macros by default in a variety of Office apps from April 2022 - making it more difficult for threat groups to remotely install malware via compromised documents.

The change will affect Office documents that are downloaded from the internet and contain macros.

Once the new functionality comes into effect, Office users will no longer be able to enable macros with a single click of a button. While it will still be possible to turn macros on, the simple confirmation pop-up that exists today will go the way of the dodo. Instead, users will see a message bar informing them that macros are blocked, alongside an option to learn more.

"For the protection of our customers, we need to make it more difficult to enable macros in files obtained from the internet," said Kellie Eickmeyer, a principal PM at Microsoft.

From Computing (U.K.)
View Full Article



No entries found