Microsoft’s decision not to block Visual Basic for Applications (VBA) macros by default in Office applications is only temporary, as the company still plans on going through with the plan.
In a blog post (opens in new tab) updated last week, Microsoft principal product manager, Kellie Eickmeyer noted that, “Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability.
“This is a temporary change, and we are fully committed to making the default change for all users.”
Abusing macros
While Microsoft did not go into details on what that specific user feedback was, and what it plans on doing next, reports have said the issue is one of user training.
The company reportedly planned to have Office users enable macros by specifically needing to unblock the option in the file’s properties. These steps, it claims, will require user training, which is something Microsoft is now allegedly looking to simplify.
Right now, enabling macros is just one click away, as the option is served as a prompt in the upper part of the app. Microsoft’s plan was to replace this feature with a link, sending users to a support website holding the instructions.
Macros allow Office files to download files from the internet and run arbitrary code, and as such have been the perfect tool for cybercriminals looking to compromise corporate networks. Companies responded by tightening up their defenses with antivirus solutions, firewalls (opens in new tab), employee training, and security keys.
They’ve been so successful in abusing the functionality that Microsoft was eventually forced to shut it down, completely.
The change was scheduled to go live last month before Microsoft abruptly decided to postpone. Sme users were not satisfied with the change, saying that it won’t help improve the security posture, but rather expose user endpoints to even more risk.