Microsoft adds macros lockdown feature in Office 2016 in response to increasing attacks

Enterprise administrators will be able to disable macros for documents obtained from the Internet

Enterprise system administrators can now block attackers from using a favorite malware infection method: Microsoft Office documents with malicious macros.

Microsoft this week added a new option in Office 2016 that allows administrators to block macros -- embedded automation scripts -- from running in Word, Excel and PowerPoint documents that originate from the Internet.

Microsoft Office programs support macros written in Visual Basic for Applications (VBA), and they can be used for malicious activities like installing malware. Macro viruses were popular more than a decade ago but became almost extinct after Microsoft disabled macros by default in its Office programs.

But the technique made a comeback during the past two years, as attackers have figured out they can use some clever social engineering to convince users to execute macros embedded in documents.

For example, hackers send spam emails masquerading as invoices and other business-related messages with malicious Word documents attached. When opened, the documents show a fake warning message saying the content cannot be displayed for security reasons until the user enables macros.

Both cybercriminal and cyberespionage groups currently use this technique, to the extent that Microsoft's threat data from Office 365 shows macros are involved in 98 percent of Office-related attacks.

Office has long included a setting to block macros in all documents without warning the user and offering the option to bypass the restriction. However, this is not practical for many enterprises because macros can serve a legitimate purpose and are useful for certain businesses workflows.

That's why Microsoft has now come up with a better solution: a group policy setting that administrators can use to disable macros only for Office files obtained from locations that Windows considers part of the Internet zone. This includes files downloaded from any Internet websites, including cloud storage providers like Microsoft OneDrive, Google Drive and Dropbox; documents attached to emails received from addresses outside the organization; and documents downloaded from file-sharing sites.

The new setting is called, "block macros from running in Office files from the Internet" and can be found in the group policy management editor under User configuration > Administrative templates > Microsoft Word 2016 > Word options > Security > Trust Center. It can be configured for each Office application.

When the setting is enabled, a user who attempts to open a document that contains macros will see a blocked content warning: "Macros in this document have been disabled by your enterprise administrator for security reasons." The user won't have an option to manually bypass the restriction.

"For end-users, we always recommend that you don’t enable macros on documents you receive from a source you do not trust or know, and be careful even with macros in attachments from people you do trust -- in case they’ve been hacked," researchers from the Microsoft Malware Protection Center said in a blog post.

"For enterprise administrators, turn on mitigations in Office that can help shield you from macro-based threats, including this new macro-blocking feature," they added. "If your enterprise does not have any workflows that involve the use of macros, disable them completely."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?