CATEGORIES
home News

Microsoft Finally Figured Out A Way To Protect Office From Malware Macros

by Lane BabuderTuesday, February 08, 2022, 01:25 PM EDT
microsoft building news
Since their beginning, macros in Office applications have been both a blessing and a curse for users and system administrators alike. The feature causes significant security woes due to many methods of exploitation in the macro system. Now Microsoft has stated that its popular productivity suite is getting extra layers of security to keep users safe from malware-infested macros.

Most commonly used alongside Excel, macros are a tool for Office applications that allow for task automation beyond typical formulaic control. Today they look different, but macros have existed in Excel since its first release. The version of macros we see today takes advantage of Microsoft's programming language, Visual Basic, and more specifically the 'for Applications' variant. This is an extremely powerful, albeit potentially dangerous tool.

microsft security news
Support for macros has been expanded beyond just Excel since its inception; they now work on Access, Excel, Word, Outlook, and PowerPoint. Therein lies the problem. The support in these applications and a powerful programming language have allowed bad actors to abuse this functionality for years. A method for attackers is to spoof an e-mail address or name. Then the attacker sends a message with an Office Application attachment. Upon opening this less than savory attachment, often a user clicks through prompts allowing a macro to run without a second thought. Then this less-than-savory macro can do things like download and install software, often including viruses or malware.

To combat this, Microsoft has stated that they are changing the behavior in Microsoft Office applications. Upon downloading a file or attachment from an unknown or untrusted source, the end-user will see a red bar with a security warning. This behavior will be the default for all users upon the Office 2203 update starting in April 2022. Microsoft advises system administrators to enforce this policy according to new security baselines.

office news
The update will start being made available in April 2022 under the Current Channel (Preview), with a later release added to Enterprise and Semi-Annual Enterprise Channels. Deployment to older Office Applications have no date but are planned for Office versions back to Office 2013. You can check out the full announcement for more specifics.
Tags:  Microsoft, security, office, (nasdaq:msft)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment