Menu
Microsoft adds macros lockdown feature in Office 2016 in response to increasing attacks

Microsoft adds macros lockdown feature in Office 2016 in response to increasing attacks

Enterprise administrators will be able to disable macros for documents obtained from the Internet

Enterprise system administrators can now block attackers from using a favorite malware infection method: Microsoft Office documents with malicious macros.

Microsoft this week added a new option in Office 2016 that allows administrators to block macros -- embedded automation scripts -- from running in Word, Excel and PowerPoint documents that originate from the Internet.

Microsoft Office programs support macros written in Visual Basic for Applications (VBA), and they can be used for malicious activities like installing malware. Macro viruses were popular more than a decade ago but became almost extinct after Microsoft disabled macros by default in its Office programs.

But the technique made a comeback during the past two years, as attackers have figured out they can use some clever social engineering to convince users to execute macros embedded in documents.

For example, hackers send spam emails masquerading as invoices and other business-related messages with malicious Word documents attached. When opened, the documents show a fake warning message saying the content cannot be displayed for security reasons until the user enables macros.

Both cybercriminal and cyberespionage groups currently use this technique, to the extent that Microsoft's threat data from Office 365 shows macros are involved in 98 percent of Office-related attacks.

Office has long included a setting to block macros in all documents without warning the user and offering the option to bypass the restriction. However, this is not practical for many enterprises because macros can serve a legitimate purpose and are useful for certain businesses workflows.

That's why Microsoft has now come up with a better solution: a group policy setting that administrators can use to disable macros only for Office files obtained from locations that Windows considers part of the Internet zone. This includes files downloaded from any Internet websites, including cloud storage providers like Microsoft OneDrive, Google Drive and Dropbox; documents attached to emails received from addresses outside the organization; and documents downloaded from file-sharing sites.

The new setting is called, "block macros from running in Office files from the Internet" and can be found in the group policy management editor under User configuration > Administrative templates > Microsoft Word 2016 > Word options > Security > Trust Center. It can be configured for each Office application.

When the setting is enabled, a user who attempts to open a document that contains macros will see a blocked content warning: "Macros in this document have been disabled by your enterprise administrator for security reasons." The user won't have an option to manually bypass the restriction.

"For end-users, we always recommend that you don’t enable macros on documents you receive from a source you do not trust or know, and be careful even with macros in attachments from people you do trust -- in case they’ve been hacked," researchers from the Microsoft Malware Protection Center said in a blog post.

"For enterprise administrators, turn on mitigations in Office that can help shield you from macro-based threats, including this new macro-blocking feature," they added. "If your enterprise does not have any workflows that involve the use of macros, disable them completely."

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments