If you are using microsoft-office on your Windows PC, you may want to keep an eye out for potential new security issues.
Microsoft just backtracked on a decision which took at the beginning of 2022 and will no longer block Visual Basic for Applications (VBA) macros in Office files by default in Word, PowerPoint, Excel, Access, and Visio.
Rolling back means you no longer have to go to the file properties, save the file to a specific location, or mark it as a trusted document to fully interact with a file that has macros enabled. Microsoft is now effectively reverting to an older security system, where you can simply click “enable content” to open Office files with macros.
This rollback option also has huge security implications. While macros are popularly used to replace a repetitive series of keyboard and mouse actions in Office, they are also used by hackers. Those with malicious intent can unleash malware on unsuspecting users who open downloaded Office documents that have macros enabled. No longer blocking them by default could mean that Office users could be more open to these kinds of attacks.
An update on this decision was also posted in the Microsoft 365 message center, which is typically accessed by IT administrators to view important service alerts. Microsoft explained the change, saying it was based on feedback. It also seemed to hint that an upgrade could be coming soon. This reversal was first released to wider audiences in June 2022, according to Bleeping Computer.
“We appreciate the feedback we’ve received so far, and we’re working to make improvements to this experience. We will provide another update when we are ready to release back to the current channel. Thank you,” the message says.
Many Office users have noticed this change and have commented on Microsoft’s original announcement about blocking VBA macros. These users seem to be upset with the company’s communication about such a big security change and want Microsoft to be more transparent about the reasoning. Some were also upset about the additional steps originally required to unlock Office documents with VBA macros. IT administrators likely had a lot of headaches retraining users on how to enable macros.
In a statement to Bleeping Computer, Microsoft indicated that it “has nothing further to share” on why it is reverting the change.