Menu
Microsoft adds macros lockdown feature in Office 2016 in response to increasing attacks

Microsoft adds macros lockdown feature in Office 2016 in response to increasing attacks

Enterprise administrators will be able to disable macros for documents obtained from the Internet

Enterprise system administrators can now block attackers from using a favorite malware infection method: Microsoft Office documents with malicious macros.

Microsoft this week added a new option in Office 2016 that allows administrators to block macros -- embedded automation scripts -- from running in Word, Excel and PowerPoint documents that originate from the Internet.

Microsoft Office programs support macros written in Visual Basic for Applications (VBA), and they can be used for malicious activities like installing malware. Macro viruses were popular more than a decade ago but became almost extinct after Microsoft disabled macros by default in its Office programs.

But the technique made a comeback during the past two years, as attackers have figured out they can use some clever social engineering to convince users to execute macros embedded in documents.

For example, hackers send spam emails masquerading as invoices and other business-related messages with malicious Word documents attached. When opened, the documents show a fake warning message saying the content cannot be displayed for security reasons until the user enables macros.

Both cybercriminal and cyberespionage groups currently use this technique, to the extent that Microsoft's threat data from Office 365 shows macros are involved in 98 percent of Office-related attacks.

Office has long included a setting to block macros in all documents without warning the user and offering the option to bypass the restriction. However, this is not practical for many enterprises because macros can serve a legitimate purpose and are useful for certain businesses workflows.

That's why Microsoft has now come up with a better solution: a group policy setting that administrators can use to disable macros only for Office files obtained from locations that Windows considers part of the Internet zone. This includes files downloaded from any Internet websites, including cloud storage providers like Microsoft OneDrive, Google Drive and Dropbox; documents attached to emails received from addresses outside the organization; and documents downloaded from file-sharing sites.

The new setting is called, "block macros from running in Office files from the Internet" and can be found in the group policy management editor under User configuration > Administrative templates > Microsoft Word 2016 > Word options > Security > Trust Center. It can be configured for each Office application.

When the setting is enabled, a user who attempts to open a document that contains macros will see a blocked content warning: "Macros in this document have been disabled by your enterprise administrator for security reasons." The user won't have an option to manually bypass the restriction.

"For end-users, we always recommend that you don’t enable macros on documents you receive from a source you do not trust or know, and be careful even with macros in attachments from people you do trust -- in case they’ve been hacked," researchers from the Microsoft Malware Protection Center said in a blog post.

"For enterprise administrators, turn on mitigations in Office that can help shield you from macro-based threats, including this new macro-blocking feature," they added. "If your enterprise does not have any workflows that involve the use of macros, disable them completely."

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments