Microsoft updates Office security by blocking VBA macros by default

Microsoft updates Office security by blocking VBA macros by default

There’s been a bit of back-and-forth since the change was originally announced, but this week Microsoft began rolling out an update to Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros in downloaded documents.

Last month, Microsft was testing the new default when the update suddenly rolled back, “temporarily while we make some additional changes to improve the user experience.” Although it was only temporary, many experts feared that Microsoft would not be able to change the default setting, leaving systems vulnerable to attack. Shane Huntley, leader of the Google Threat Analysis Group tweeted“Blocking Office macros would do infinitely more to actually defend against real threats than all of Intel’s threat blog posts.”

Now introducing the new default but with updated language to alert users and admins what their options are when they try to open a file and it gets blocked. This only applies when Windows, which uses the NTFS file system, notes it as downloaded from the Internet and not as a network drive or website that administrators have marked as safe, and it is used on other platforms such as Mac, Office on Android/iOS or Office on the web.


We’re resuming the rollout of this change in the current channel. Based on our review of customer feedback, we’ve updated both our end-user and IT admin documentation to make it clearer what your options are for different scenarios. For example what to do if you have files on SharePoint or files on a network share. Please note the following documentation:

• For end users: A potentially dangerous macro has been blocked

• For IT administrators, macros from the Internet are blocked in Office by default

If you’ve ever enabled or disabled running macros to block Office files through Internet Policy, your organization is not affected by this change.

While some people use the scripts to automate tasks, for years hackers have abused the feature with malicious macros, tricking people into downloading and running a file to compromise their systems. Microsoft determined how administrators could use Group Policy settings in Office 2016 to block macros in their organization’s systems. Still, not everyone turned it on, and attacks continued, allowing hackers to steal data or distribute ransomware.

Users who try to open files and get blocked will get a pop-up window directing them to this page and explaining why they probably don’t need to open this document. It starts by going through several scenarios where someone might try to trick you into running malware. If they really need to see what’s in the downloaded file, ways to access it are explained, all more complicated than before where users could normally enable macros by pressing a button in the warning banner.

This change might not always stop someone from opening a malicious file, but it does provide several more layers of warning before they can get there, while still providing access for those people who say they absolutely need it.

Leave a Reply

Your email address will not be published.