On the other hand, some infosec professionals felt Microsoft should have made the move sooner. Security researcher Kevin Beaumont responded to Carr, calling it a "really, really good win." In a Twitter thread Monday, Nick Carr, cyber crime intelligence lead at Microsoft, referred to the change as "major progress" and a "data-driven win for security over many other business drivers." Restricting macros in this new manner will prevent many of these attacks from occurring," he said in an email to SearchSecurity. "History has shown a user will click on any warning dialog, regardless how dire the message, just to get their document open.
Dustin Childs, communications manager of the Trend Micro Zero Day Initiative, said blocking macros will benefit the overall security for end users by reducing the attack surface. While it is unclear what spurred the decision to disable VBA macros by default now, many infosec professionals said the change is positive. Microsoft declined a request for comment about the change.
How to enable macro in excel code#
In another statement on the blog, Tristan Davis, partner group program manager for the Office platform, said Microsoft will continue to "make it more difficult to trick users into running malicious code via social engineering."
In addition, Microsoft recommended that organizations use the "Block macros from running in Office files from the Internet" policy to prevent users from inadvertently opening malicious files.
How to enable macro in excel windows#
One practice Eickmeyer cited is saving files to remove the "mark of the web," which she said is an "attribute added to files by Windows when it is sourced from an untrusted location" such as the internet. The blog post also offered guidance for users who choose to enable macros. Now, Eickmeyer said, a message bar will appear for users, notifying them with a button to learn more about the security risks and safe practices. To address this notable attack vector, users will no longer be able to enable macros in files obtained from the internet with the simple click of a button. In a statement on the blog, Tom Gallagher, partner group engineering manager of Office security, said that a "wide range of threat actors continue to target" Microsoft customers by "sending documents and luring them into enabling malicious macro code." According to Check Point's "Brand Phishing Report" for the fourth quarter of 2021, Microsoft ranked as the second-most frequently targeted brand. Now, business email compromises and phishing scams have skyrocketed. The problem dates back to the late '90s, from what has become known as the Melissa virus, a mass-mailing macro campaign that targeted Microsoft Word and Outlook-based systems. "Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss and remote access," the blog post said. Despite organizations disabling VBA macros, users could enable macros with the click of a button, despite a notification bar with a warning, according to the blog. That can be risky as macros are a common place to hide malware and can lead to threats like phishing emails. Currently, accessing Visual Basic Application (VBA) macros is part of Microsoft's automated capabilities. Macros have long been considered a security risk, with many infosec vendors and experts recommending that organizations disable the feature.
0 kommentar(er)
