Back in February I applauded Microsoft for taking a decisive step in the battle against macro malware. Here’s part of what I wrote:
…more than 25 years after it first distributed the Concept virus on CD-ROM and kickstarted the whole problem, Microsoft has done something which might be more successful at stopping the spread of macro malware.
Microsoft has announced that… it’s changing the default behavior of Office applications so that they block macros in files from the internet.
What’s more, it won’t give users a simple one-click way to allow the macros to run, foiling many of the social engineering tricks commonly used by cybercriminals.
According to Microsoft, its products would no longer display a yellow warning strip along the top of documents containing macros which – with some clever social engineering – could dupe unsuspecting users into clicking an “Enable Content” button and allowing the malicious macros to run.
Instead, the new design would see a redesign (no more yellow. Hello pink strip!) without an oh-so-tempting-and-oh-so-dangerous “Enable content” button.
SECURITY RISK: Microsoft has blocked macros from running because the source of this file is untrusted. <Learn More>
Unfortunately, things haven’t gone as smoothly as Microsoft (and, indeed, the rest of us) might have hoped:
Update on July 6, 2022: Based on feedback, we’re rolling back this change from Current Channel. We appreciate the feedback we’ve received so far, and we’re working to make improvements in this experience. We’ll provide another update when we’re ready to release again to Current Channel. Thank you.
In other words, Microsoft has rolled back its plans. Which is good news for hackers who can continue to rely on the years-old technique of hiding malicious macros inside Office documents – for now at least.
Hopefully Microsoft will resolve whatever issues have bubbled up with its planned macro block, and will have another stab soon at killing such a common vector of attack.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.