Microsoft confirms VBA macro backtrack is only "temporary"
More details on the project's timeline will be revealed but there is still no details on the feedback that prompted Microsoft to reverse the change in the first place
Microsoft has said its reported unblocking of VBA macros for Office documents is only a temporary measure and they will be blocked again soon by default.
Security experts were quick to criticise Microsoft after the news broke last week that it would be reversing the change it announced in February, one that was greeted overwhelmingly positively at the time.
In a Friday update to the company’s original announcement blog post, Microsoft explained that the rollback of the default VBA macro block was a temporary measure taken while it makes changes to increase usability.
“This is a temporary change, and we are fully committed to making the default change for all users,” it added.
Microsoft has not detailed the timeline for when it expects to re-enable the default block on VBA macros, but plans to provide additional details “in the upcoming weeks”.
Why did Microsoft backtrack?
Angela Robertson, principal group product manager at Microsoft Office 365’s identity and security team, replied to a user on a Microsoft support forum last week explaining that the company’s heralded new stance on VBA macros was going to be reversed.
The company said in February that it would block them by default for five Office apps - news that was greeted warmly by the community, albeit a move many deemed to be long overdue.
Robertson explained that the decision was made following user feedback and that a more detailed explanation would be reaching the community soon.
Which is the best way to acquire your IT?
Purchase, lease or consumption-based IT solutionsFree Download
It’s still unclear what the feedback was to prompt the decision, but Office macros are often used to automate highly manual functions in files such as spreadsheets, and various company departments use them to streamline their workflows.
The issue with VBA macros is that the feature is often abused in phishing attacks. A typical scenario would see a cyber criminal send a specially crafted document to an unwitting victim, encouraging them to download and open the document, such as an Excel file.
The victim would be greeted by a familiar user interface but in order to interact with the document, they would have to click a button in a ribbon to ‘enable content’. This would then trigger a download and installation of malware or ransomware, in a typical attack scenario.
Microsoft’s decision to disable VBA macros by default came into effect in April and experts said the change “had already begun to influence threat actor behaviours to use other things”.
The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks
Business benefits and cost savings enabled by IBM Turbonomic Application Resource ManagementFree Download
The Total Economic Impact™ of IBM Watson Assistant
Cost savings and business benefits enabled by Watson AssistantFree Download
The field guide to application modernisation
Moving forward with your enterprise application portfolioFree Download
AI for customer service
Discover the industry-leading AI platform that customers and employees want to useFree Download