Microsoft reverses its reversal on blocking Office macros by default

Published by
Peter Kavinsky

A Microsoft Word document with a malicious macro embedded as part of an IRS-themed malware campaign. Image Credits: Microsoft.

Microsoft said it is still planning to block Visual Basic Applications (VBA) macros by default in Office apps after quietly rolling back the planned change last month.

VBA Macros are lines of code that allow users to automate routine processes — like data collection or running certain tasks — in Microsoft Office applications. While this makes them a handy tool for businesses, particularly those in accounting and finance, macros have long been popular with cybercriminals, who — until recently — could easily embed a malicious macro into a document to deliver malware via email attachments.

Microsoft announced in February, much to the delight of the cybersecurity community, that it would soon block VBA macros sourced from the internet from running by default. The change, which Microsoft at the time said would “prevent users from inadvertently opening files from the internet that contain macros,” was due to take effect in June. But, as spotted by Bleeping Computer, Microsoft quietly rolled back the change on June 30, citing unspecified “user feedback.”

Microsoft faced a barrage of angry comments in Reddit threads and on social media lamenting the change of heart. But the software giant has since confirmed that the surprise U-turn was only temporary, adding that it is “fully committed” to blocking internet macros by default.

“Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users,” said Kellie Eickmeyer, principal product manager at Microsoft, in a blog post update.

Microsoft said in the blog post that users can still block internet macros by changing certain Group Policy settings.

TechCrunch asked Microsoft how it planned to enhance usability and when the blocking of macros would take effect but a spokesperson did not immediately comment.

The move to block macros by default appeared to have been working until Microsoft’s reversal last month. A recent Emotet test campaign observed by cybersecurity firm ESET reveals that attackers may already be moving away from macros-based attacks given Microsoft’s plans to block VBA macros by default. Emotet, a notorious botnet used by cybercriminals to send spam emails, is already replacing Microsoft Word documents with a shortcut file as the malicious attachment.

HP Wolf said in May that it’s also observed a rise in threat actors turning to non-Office-based formats as Microsoft began blocking macros, including a fourfold rise in the use of Java archive files.

Source: TechCrunch

Peter Kavinsky

Peter Kavinsky is the Executive Editor at

Published by
Peter Kavinsky

Recent Posts

  • News

St. John Bosco Football Live California (CA) State Varsity Boys Football

Click Here to Watch this High School Football Live Online for Free! St. John Bosco…

3 mins ago
  • News

Киев опроверг заявление Минобороны РФ о взятии Песков | Новости из Германии об Украине | DW

На 172-й день полномасштабного военного вторжения России в Украину войска РФ продолжают попытки захватить населенные…

5 mins ago
  • News

Zakharova accused Amnesty International of hypocrisy

Western human rights activists use anti-scientific approach to support Ukraine, Zakharova believes A photo: Eduard…

8 mins ago
  • News

Ukrainian Armed Forces Destroyed Two Russian Ka-52 Helicopters Last Weekend

On August 13-14, the armed forces of Ukraine destroyed two Russian Ka-52 helicopters. According to…

8 mins ago
  • News

Joaquin Maestre: From Dialysis to Half Marathon Training | Sports social networks

While running the little over 21 kilometers it takes for a half marathon is already…

14 mins ago
  • News

How to watch Chelsea v Tottenham on TV and online

Chelsea host Tottenham Hotspur in the Premier League on Sunday. The two London rivals started…

15 mins ago