Microsoft Finally Figured Out A Way To Protect Office From Malware Macros
Since their beginning, macros in Office applications have been both a blessing and a curse for users and system administrators alike. The feature causes significant security woes due to many methods of exploitation in the macro system. Now Microsoft has stated that its popular productivity suite is getting extra layers of security to keep users safe from malware-infested macros.
Most commonly used alongside Excel, macros are a tool for Office applications that allow for task automation beyond typical formulaic control. Today they look different, but macros have existed in Excel since its first release. The version of macros we see today takes advantage of Microsoft's programming language, Visual Basic, and more specifically the 'for Applications' variant. This is an extremely powerful, albeit potentially dangerous, tool.
Support for macros has been expanded beyond just Excel since its inception; they now work in Access, Excel, Word, Outlook, and PowerPoint. Therein lies the problem. The support in these applications, combined with a powerful programming language, has allowed bad actors to abuse this functionality for years. One method is for an attacker to spoof an e-mail address or name and then send a message with an Office application attachment. Upon opening this less-than-savory attachment, a user often clicks through the prompts, allowing a macro to run without a second thought. The macro can then do things like download and install software, often including viruses or malware.
To combat this, Microsoft has stated that it is changing the behavior in Microsoft Office applications. Upon downloading a file or attachment from an unknown or untrusted source, the end-user will see a red bar with a security warning. This behavior will be the default for all users upon the Office 2203 update starting in April 2022. Microsoft advises system administrators to enforce this policy according to new security baselines.
The update will start being made available in April 2022 under the Current Channel (Preview), with a later release added to Enterprise and Semi-Annual Enterprise Channels. Deployment to older Office applications has no date but is planned for Office versions back to Office 2013. You can check out the full announcement for more specifics.