Microsoft Enhances Group Policy Controls for Office 2016 Macro Threats
Microsoft has ratcheted up IT pro controls to thwart malware that could spread through Office 2016 macros.
It's now possible to block end users from turning on macros in Excel, PowerPoint and Word when those documents are accessed from the Internet. That's done by making Group Policy configuration changes using the Group Policy Management Editor, Microsoft explained, in an announcement this week.
IT pros need Group Policy Administrative Templates for Office 2016 to carry out the policy change. Microsoft publishes those templates for Office Professional Plus 2016 and Office 365 ProPlus 2016 versions at this page. The macro-blocking capability works with Office 2016 installed on Windows systems as far back as Windows 7 and Windows Server 2008 R2.
IT pros can change these settings in the Trust Center for Office 2016 applications within the Group Policy Management Editor. The policy change will just affect Excel, PowerPoint and Word documents that come from the Internet, which is called the "Internet Zone" in Windows. For instance, the Group Policy changes can set policies for documents arriving via e-mail attachments or documents accessible through file shares that are outside the organization's domain. The Group Policy changes also take effect for documents that get downloaded from storage services, such as Dropbox, Google Drive and OneDrive, the announcement explained.
There's just one exception to this macro-blocking capability. It doesn't affect Office 2016 documents if the file was saved to "a trusted location or was previously trusted by the user," per Microsoft's documentation.
Microsoft already has a feature for Office applications that disables macros by default. This "Protected View" feature lets end users review an Office document with macros disabled. Protected View has been available since Office 2010. However, the company has seen an increase in macro-initiated malware using Office documents over the last three months. The increase in malware has occurred largely because malware writers have been tricking end users into enabling the macros in Office documents.
Malware writers tell message recipients to "enable editing" and "enable content" for the document. When they take those actions, the macro capability gets enabled. Now, IT pros can thwart those "social engineering" attempts by making Group Policy changes for Office documents received through the Internet.
In addition to using this new blocking capability, Microsoft suggests disabling macros altogether if an organization doesn't need them.
"If your enterprise does not have any workflows that involve the use of macros, disable them completely," Microsoft's announcement stated. "This is the most comprehensive mitigation that you can implement today."
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.