Microsoft Reverses Office Macro Blocking Decision

Microsoft has quietly reversed an earlier decision to block Internet macros by default in Office.

The company initially announced in February that Office would automatically block macros with the "mark of the Web" (MOTW) to combat the rise in attackers using e-mail attachments with embedded malicious macros. Previously, Office would process MOTW macros as external links and automatically navigate users to the Web-based location.

Starting with the April rollout of Version 2203, Office automatically blocked the potentially harmful links when clicked by users and displayed a security risk warning.

Microsoft unceremoniously announced the course correction on Friday with a short update to the original Microsoft 365 blog post from February:

Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users.

Regardless of the default setting, customers can block internet macros through the Group Policy settings described in this article.

Prior to Friday's update, users started to notice the stealth reversal of the Office policy. Commenting on the original February post this week, user "vincehardwick" noted that when trying to demonstrate the new security feature in a video for his organization by clicking on an external macro, "the pinkish-red 'Security Risk... Learn More' notification" did not pop up.

"It feels like something has undone this new default behavior very recently," wrote vincehardwick. "Maybe Microsoft Defender is overruling the block?"

Shortly after vincehardwick's comment was posted on Wednesday, Microsoft representative Angela Robertson responded, saying that the company had, in fact, instigated a rollback on the policy.

While Microsoft has yet to provide any further insight into the recent change, it appeared to be an unpopular policy among a group of users. In a comment posted shortly after the April rollout, user "yrzhl" expressed his disappointment with the policy, saying it made it hard to interact with his own custom macros.

"I made [my custom Excel macro] available offline from my laptop and after the update (Version 2205), I just received this information and the macro document showed me the security risk banner instead of security warning which I can enable macro," yrzhl wrote. "This is very frustrating as I made the macro for my coworkers to update stock document easily."

Microsoft said it will provide more details on the decision in the coming weeks.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube