Microsoft Just Reversed Course On Blocking Potentially Harmful Office Macros, But Why?
In February, security firms, researchers, infosec employees, and antivirus and anti-malware organizations rejoiced. Why? Microsoft was finally disabling Visual Basic for Applications (VBA) macros in Microsoft Office. However, the Redmond software giant has now reversed course on the change.
Under the change, when a user opened a downloaded or new Office file with VBA in it, they would get a warning bar and a link that would take them to a support page. On the Current Channel, users will no longer see this for the time being. Current Channel is the active update distribution for Microsoft Office. Some other platforms may call this the Stable Channel. That means anyone getting Microsoft Office updates without enrolling in betas or previews would likely be on Current Channel. So the update blocking VBA that was rolled out is now being rolled back.
Initially, the change was rolled out due to an ever-increasing number of reports that VBA macros in Office files were a common attack vector for malware and viruses. We reported on one particularly nasty one not too long ago that included keyloggers and data stealers.
The Microsoft Message Center for Microsoft 365 provided a statement regarding the rollback, saying, "We appreciate the feedback we've received so far, and we're working to make improvements in this experience. We'll provide another update when we're ready to release again to Current Channel. Thank you."
Basic VBA Script Code
That's pretty vague if you ask us. What feedback are they referring to? We know most software developers rely heavily on feedback from their users, but right now we can only speculate as to what feedback Microsoft is referencing. We might be able to take some cues from user posts on the February blog announcement for Microsoft 365 about this change.
Some users stated that this is a great change, and that it would, as we said up top, make security and infosec people very happy. However, other people said this change could negatively impact their day-to-day operations and business. One of them pointed out that, by volume, the total customer base of Microsoft 365 is actually small businesses and even individuals as opposed to giant mega-corps, which is a pretty fair assessment.
Screenshot of Microsoft Excel
There were some users who were unhappy with the rollback, though. Not so much that it happened, but because Microsoft made no announcement that the rollback was going to happen. Also, regardless of the statements on the blog post, we have existed on the internet ourselves long enough to know that "loudest" isn't always "right."
Was this kind of feedback taken into consideration, or did the feedback come from surveys or elsewhere? We'll have to wait on a statement from Microsoft on that point. While there's no further statement on the matter, the message does specifically say "Current Channel," which implies that Preview channels likely still have VBA macros disabled by default.