Microsoft adds macros lockdown feature in Office 2016 in response to increasing attacks

Enterprise administrators will be able to disable macros for documents obtained from the Internet

Enterprise system administrators can now block attackers from using a favorite malware infection method: Microsoft Office documents with malicious macros.

Microsoft this week added a new option in Office 2016 that allows administrators to block macros -- embedded automation scripts -- from running in Word, Excel and PowerPoint documents that originate from the Internet.

Microsoft Office programs support macros written in Visual Basic for Applications (VBA), and they can be used for malicious activities like installing malware. Macro viruses were popular more than a decade ago but became almost extinct after Microsoft disabled macros by default in its Office programs.

But the technique made a comeback during the past two years, as attackers have figured out they can use some clever social engineering to convince users to execute macros embedded in documents.

For example, hackers send spam emails masquerading as invoices and other business-related messages with malicious Word documents attached. When opened, the documents show a fake warning message saying the content cannot be displayed for security reasons until the user enables macros.

Both cybercriminal and cyberespionage groups currently use this technique, to the extent that Microsoft's threat data from Office 365 shows macros are involved in 98 percent of Office-related attacks.

Office has long included a setting to block macros in all documents without warning the user and offering the option to bypass the restriction. However, this is not practical for many enterprises because macros can serve a legitimate purpose and are useful for certain businesses workflows.

That's why Microsoft has now come up with a better solution: a group policy setting that administrators can use to disable macros only for Office files obtained from locations that Windows considers part of the Internet zone. This includes files downloaded from any Internet websites, including cloud storage providers like Microsoft OneDrive, Google Drive and Dropbox; documents attached to emails received from addresses outside the organization; and documents downloaded from file-sharing sites.

The new setting is called, "block macros from running in Office files from the Internet" and can be found in the group policy management editor under User configuration > Administrative templates > Microsoft Word 2016 > Word options > Security > Trust Center. It can be configured for each Office application.

When the setting is enabled, a user who attempts to open a document that contains macros will see a blocked content warning: "Macros in this document have been disabled by your enterprise administrator for security reasons." The user won't have an option to manually bypass the restriction.

"For end-users, we always recommend that you don’t enable macros on documents you receive from a source you do not trust or know, and be careful even with macros in attachments from people you do trust -- in case they’ve been hacked," researchers from the Microsoft Malware Protection Center said in a blog post.

"For enterprise administrators, turn on mitigations in Office that can help shield you from macro-based threats, including this new macro-blocking feature," they added. "If your enterprise does not have any workflows that involve the use of macros, disable them completely."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?