How Microsoft Will Block Macros To Stop Malware


Microsoft recently announced that it will be blocking Visual Basic for Applications (VBA) macros by default as a way to stop the spread of malware. Since these macros are important automation tools for Microsoft Office apps, how is this going to work?

What Are Visual Basic for Applications (VBA) Macros?

Visual Basic for Applications (VBA) for Office is the programming language behind Excel and other office apps. VBA can accomplish almost every operation that can be performed with a mouse, keyboard, or a dialog box. Also, it is the automation of repetitive tasks that is one of the most common uses of VBA in Office. VBA macros, therefore, are a series of instructions written (in VBA) into a single command to automate tasks e.g., with a single click.

What’s The Problem?

Microsoft says that although VBA macros are tools designed to make routine entry work simpler, they have long been abused by hackers and bad actors to deliver malicious payloads such as ransomware to unsuspecting users. For example, Tom Gallagher from Microsoft’s Office Security team recently said that “A wide range of threat actors continue to target our customers by sending documents and luring them into enabling malicious macro code”. Mr Gallagher has also highlighted how malicious code is usually part of a document that originates from the internet (email attachment, link, internet download, etc.). Once enabled, the malicious code can gain access to the identity, documents, and the network of the person who enabled it.

Safest Option – Block Them By Default

Since, as described by Microsoft’s Tom Gallagher, VBA macros are obtained from the internet, Microsoft says, therefore, that the most secure option is now to simply block them by default.

Message Displayed

With macros being blocked, instead of being allowed to enable macros just by clicking a button, users will instead see a message bar notifying them that macros are blocked, next to an option to learn more. Although it will still be possible to enable macros, this will require users to travel go through more layers, thereby reducing the possibility of accidentally clicking on a phishing email.

What And When?

Microsoft says that, for now, the functionality will be limited to the Windows version of Microsoft Office and will be enabled in Access, Excel, PowerPoint, Visio, and Word.

The new change will be rolled out in a preview (version 2203) in the Current Channel, due in early April. This will then be gradually rolled out to the Monthly Enterprise Channel and Semi-Annual Enterprise Channel.

What Does This Mean For Your Business?

This change by Microsoft, which was prompted by ongoing cloud migration and increased remote and hybrid working, is designed to increase safety and security, particularly for remote workers. What it essentially does is to make it much more difficult for users to be fooled into running malicious code via social engineering while, at the same time, keeping a path for legitimate macros to be enabled through a trusted route where appropriate. The advice to IT and security teams is to work with any parts of the business that use macros in their Office files and, with any independent software vendors that are critical to the business who use macros within Office files.