Bad news for hackers and malware writers: Microsoft brings back VBA macro block in Office

Microsoft is resuming the rollout in Office to block by default files with macros from untrusted sources such as the internet.
Written by Liam Tung, Contributing Writer
older man working at an office facing a computer. a woman is talking to him
Image: gorodenkoff/Getty

Microsoft has resumed its rollout of the protection in Office that, by default, blocks untrusted macros from the internet. 

The company abruptly rolled back the default block on internet macros earlier this month, surprising some because it was an effective obstacle to attackers tricking PC users into enabling macros in Office. Macros are already disabled by default but it was too easy for users to click to enable them, exposing networks to malware. 

A week later Microsoft confirmed that the rollback was only temporary as it made some changes to enhance usability

SEE: Microsoft: Roll back of VBA macro block in Office is only temporary

Microsoft has now updated its documentation for Office macro behavior with separate information for end users and IT admins. This information details what options users have for different scenarios, such as macros in files from trusted sources like SharePoint or a network share. 

For end users, the documentation details how to unblock a single file within the Office app's Properties options, unblocking a single file received via email, and unblocking all files from a specific network share or website. Users can also unblock all files from a trusted folder on the user's hard drive by adding a folder to the Trusted Location within the Trust Center, which can be found in the Office app under File > Options and then selecting Trust Center.    

The documentation for admins offers a table of different common scenarios and various approaches to unblocking VBA macros.    

"We're resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we've made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios," Microsoft notes in an update.  

"If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change," it added. 

Rolling back the default block on untrusted VBA macros in Office was seen as a bad move given how frequently hackers and scammers abused the ability for users to click to enable macros. But in this case, Microsoft mostly failed to communicate the reason for rolling back the protection and that it was only temporary. 

Editorial standards