{"id":19562,"date":"2022-07-11T02:10:09","date_gmt":"2022-07-11T10:10:09","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/07\/11\/news-13295\/"},"modified":"2022-07-11T02:10:09","modified_gmt":"2022-07-11T10:10:09","slug":"news-13295","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/07\/11\/news-13295\/","title":{"rendered":"Microsoft appears to be rolling back Office Macro blocking"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Mon, 11 Jul 2022 09:12:17 +0000<\/strong><\/p>\n

We’re seeing several reports indicating that Microsoft may have rolled back its decision to block Macros in Office<\/a>. Currently no official statement exists\u2014the reports rely on a post by a Microsoft employee in the replies of the original article where the plan to block macros was announced<\/a>. <\/p>\n

Earlier this year, Microsoft decided to disable macros downloaded from the Internet<\/a> in five Office apps, by default. Users trying to open files downloaded from the Internet that contained macros would see a message, with a link to an article explaining the block.<\/p>\n

\n

SECURITY RISK: Microsoft has blocked macros from running because the source of this file is untrusted<\/p>\n<\/blockquote>\n

Malicious macros have been popular with criminals for more than three decades, and the step was welcomed by the security community. However, some users of Microsoft products have queried a surprising change. Dangerous files downloaded from the internet are not<\/em> being treated as expected in Office.<\/p>\n

The shifting sands of macro blocking<\/h2>\n

Bizarrely, we’ve only experienced a few months of no macro worries as people discover the currently changing situation. A recent comment<\/a> on the article describing the block mentioned that macro blocking has now been removed in Office Current Channel<\/a>:<\/p>\n

\n

Is it just me or have Microsoft rolled this change back on the Current Channel?<\/p>\n

I was trying to reproduce the pinkish-red ‘Security Risk\u2026 Learn More’ notification in the Message Bar, in preparation for demonstrating the new default behaviour for a YouTube video I’m putting together about my company’s macro-enabled toolkit.<\/p>\n

Created a simple .xlsm to show a MsgBox in the open event of the workbook, saved it and uploaded it to cloud storage, deleted it from my local storage, re-downloaded it from cloud storage (to a non-trusted location, my Downloads library)\u2026 did not use the Unblock checkbox on the Properties dialog to remove the mark of the web\u2026 then opened up the file.<\/p>\n

It first went into Protected View (expected behaviour), but then after I clicked Enable Editing, instead of getting the pink\/red message about macros being blocked altogether, I just got the old ‘Security warning\u2026’ message with the ‘Enable Content’ button. The file’s VBA project wasn’t digitally signed, wasn’t saved to a Trusted Location, and still had the mark of the web on it\u2026 so macros should have been blocked.<\/p>\n<\/blockquote>\n

A response<\/a> came from someone called Angela Robertson, billed as “A Microsoft employee on the Microsoft Tech Community”:<\/p>\n

\n

Based on feedback received, a rollback has started. An update about the rollback is in progress. I apologize for any inconvenience of the rollback starting before the update about the change was made available.<\/p>\n<\/blockquote>\n

Waiting for more information<\/h2>\n

At the time of writing, we can’t say what this community feedback is or why it’s been so influential in triggering the apparent decision to disable macro blocking. The response in security circles is somewhat less than enthusiastic<\/a>, and there’s no new information outside of waiting to see what’s contained in the promised “update”.<\/p>\n

Indeed, all we have currently is a second Microsoft post<\/a> which confirms the rollback:<\/p>\n

\n

…based on feedback, we\u2019re rolling back this change from Current Channel production. We appreciate the feedback we\u2019ve received so far, and we\u2019re working to make improvements in this experience. We\u2019ll provide another update when we\u2019re ready to release again to Current Channel. Thank you.<\/p>\n<\/blockquote>\n

We will update this article as soon as Microsoft clarifies what exactly is going on.<\/p>\n

The post Microsoft appears to be rolling back Office Macro blocking<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Christopher Boyd| Date: Mon, 11 Jul 2022 09:12:17 +0000<\/strong><\/p>\n

We waited three decades for macro blocking…and now it’s going away again!<\/p>\n

The post Microsoft appears to be rolling back Office Macro blocking<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[1001,19468,10796,25828,10516,3245,26905,10525,10882],"class_list":["post-19562","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-business","tag-excel","tag-macros","tag-mark-of-the-web","tag-microsoft","tag-office","tag-vba-macros","tag-windows","tag-word"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19562","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19562"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19562\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19562"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19562"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19562"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}