Microsoft Security IT

Microsoft Will Block Office Macros By Default Starting July 27 (techcrunch.com) 35

Microsoft confirmed this week that it will soon start blocking Visual Basic Applications (VBA) macros in Office apps by default after quietly rolling back the change earlier this month. From a report: In a new update, the technology giant said that it will start blocking Office macros by default starting from July 27. This comes shortly after Microsoft halted the rollout of the macros-blocking feature citing unspecified "user feedback." It's thought the initial rollout, which kicked off at the beginning of June, caused issues for organizations using macros to automate routine processes, such as data collection or running certain tasks. In a statement given to TechCrunch, Microsoft said it paused the rollout while it "makes some additional changes to enhance usability." The company has since updated its documentation with step-by-step instructions for end users and IT admins explaining how Office determines whether to block or run macros, which Office versions are affected by the new rules, how to allow VBA macros in trusted files and how to prepare for the change.

  • Um, ok (Score:4, Insightful)

    by cascadingstylesheet ( 140919 ) on Saturday July 23, 2022 @07:31AM (#62726892) Journal
    VB macros are pretty much the only reason to still use Office.
    • And you can still use them. This change is about *files from Internet* or other untrusted locations, such as a file share accessed through an IP address.

      For files retrieved from *trusted locations* this will not have any effect. Macros will still be able to run.

      • Why do I have a hunch that "trusted location" means "some server on the internet with a valid certificate" or similar bullshit that won't keep a single infection from happening but causes heaps of headaches for legitimate users?

        • VS Code has something along these lines. You designate locations that are trusted and projects from a trusted location can do everything, but projects from other locations can't.

        • Why do I have a hunch that "trusted location" means "some server on the internet with a valid certificate" or similar bullshit that won't keep a single infection from happening but causes heaps of headaches for legitimate users?

          The "from Internet" taint of files in Windows relies on the user agent. Mail clients and browsers are expected to "taint" files downloaded using the application. All browsers respect this, and I believe that all mail clients do so as well. But it really comes down to the program you use to download the file.

          This ability to "taint" a file has been in Windows since Vista (at least).
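Added example, not part of the comment above or of Microsoft's documentation: the "from Internet" taint described in this thread is stored on NTFS as a `Zone.Identifier` alternate data stream, and this Python code parses that stream and triages macro-capable Office files by it. The zone cut-off, extension list, function names and sample stream are assumptions constructed for the example; it reports the mark only, not Office's full trust decision (trusted locations, signatures, policy).

```python
import configparser
import os

# Windows URL security zones as stored in the ZoneId field.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
UNTRUSTED = {3, 4}  # assumption: these zones count as "from the Internet"
# Office formats that can carry VBA macros (assumed list, not exhaustive).
MACRO_EXTS = {".doc", ".docm", ".dotm", ".xls", ".xlsm", ".xlsb", ".xltm", ".ppt", ".pptm"}

# Constructed sample of a stream as a browser might write it.
SAMPLE = ("[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.test/mail\r\n"
          "HostUrl=https://example.test/files/invoice.xlsm?id=1\r\n")


def parse_zone_identifier(text):
    """Parse Zone.Identifier stream text; return None if it is unusable."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case (ZoneId, HostUrl, ReferrerUrl)
    try:
        cp.read_string("\n".join(text.lstrip("\ufeff").splitlines()))
        section = cp["ZoneTransfer"]
        zone = int(section["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return {"zone_id": zone, "zone": ZONES.get(zone, "Unknown"),
            "host_url": section.get("HostUrl"),
            "referrer_url": section.get("ReferrerUrl")}


def triage(filename, stream_text):
    """Classify one file from its name and stream text (None = no stream)."""
    if os.path.splitext(filename)[1].lower() not in MACRO_EXTS:
        return "not-macro-capable"
    if stream_text is None:
        return "no-mark"  # e.g. saved by a program that does not tag downloads
    info = parse_zone_identifier(stream_text)
    if info is None:
        return "malformed-mark"
    return "internet-marked" if info["zone_id"] in UNTRUSTED else "marked-trusted-zone"


def read_mark(path):
    """On Windows/NTFS, read the alternate data stream; None if absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None
```

On a Windows host, `triage(path, read_mark(path))` gives the same classification for a real file; a "no-mark" result on a file that arrived by mail or download points at a client that does not tag what it saves.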

      • Re:Um, ok (Score:4, Insightful)

        by belg4mit ( 152620 ) on Saturday July 23, 2022 @12:55PM (#62727506) Homepage

        Except that MS is incapable of accurately determining where files come from, and frequently forgets that a yes, for fuck's sake I want to edit this document.

      • That's been the case since, what, Office 97 or so?
    • VB macros are pretty much the only reason to still use Office.

      And? Continue using them like normal. If the document is from a trusted source, comes from within your domain, is signed, is authored by someone from within your organisation, is manually permitted, or you set group policy to ignore this new change then they will run like they always have.

      What's being blocked is macros run within documents from an untrusted location (e.g. internet, or share accessed via ip address rather than network name).

      • by PCM2 ( 4486 )

        What's being blocked is macros run within documents from an untrusted location (e.g. internet, or share accessed via ip address rather than network name).

        For the life of me, I swore they did that in like Office 2001.

        • No they stopped them from auto-executing and required user intervention, that's still in place today even for trusted sources. This will now *block* them, requiring complete reclassification of the file from untrusted to trusted, and then closing and re-opening said file.

          i.e. That piece of malware riding along in that file someone downloaded from the internet no longer has an "enable" button.

  • by Anonymous Coward

    Microsoft only listens to Fortune 500 clients.

  • ...out from under you after we've conditioned you to expect and need it. Microsoft: Hold our beer.
    • The difference, as usual, is that Microsoft isn't actually taking the functionality away. Microsoft rarely does that. They do sometimes let things languish until they're not practical to use any more, but that's not the same thing. You'll be able to click to enable your macros. This is a good move that's going to reduce the number of dumbshits who are infected by email. It won't eliminate them, because a percentage of those dumbshits will enable the macros, but it should still help.

      Per link from TFA [microsoft.com], users

  • by eneville ( 745111 ) on Saturday July 23, 2022 @08:31AM (#62727002) Homepage

    With MS Office formats you can't automate outside the application, and then you can't automate from within it either.

    Nice work.

    • Oh, you can still "automate". This takes away the ability to run macros for *files from Internet*. It does not take away the ability to run macros in documents you have authored yourself or retrieved from within your organization.

      • Trying to partition which bits of the internet are the organisation or partners to the organisation sounds like a nightmare since most things are hosted within three main outsourcing organisations.

        • Trying to partition which bits of the internet are the organisation or partners to the organisation sounds like a nightmare since most things are hosted within three main outsourcing organisations.

          It's the browser or mail client that taints the file with its "Internet origin" mark. Download a file using a browser or save a file received through an email and it will be tainted, unless you use some obscure mail client or browser which does not follow the guidance.

    • While your critique is not really accurate, I do wonder why companies are still using VB for "business intelligence." There are so many easier ways today to manage data between the extremes of Excel and Oracle, why would you pick either dark end.

      • Well indeed, but when all you have is a hammer, everything looks like a nail.

        Excel mostly gets in the way of automation, it is ok for displaying data but shouldn't be a producer in my view.

        • Completely agree. It is a hard lesson to learn though; so many things only give you 80%, and for the balance you need to export to Excel. The stuff that really sucks puts Excel in the middle of the workflow to glue different systems together.

          Boy I wish there was an open source graphing engine that could functionally compete with Excel-- things like mixed-mode graphs and the level of customization!

  • by Asynchronously ( 7341348 ) on Saturday July 23, 2022 @10:33AM (#62727230)

    MS could simply improve Defender to recognize malicious vs legitimate macros and block the bad ones. There are other endpoint protection platforms that do this effectively. But I guess implementing something like that is too hard for MS.

    • Re:Easy way out. (Score:4, Interesting)

      by SmaryJerry ( 2759091 ) on Saturday July 23, 2022 @11:17AM (#62727320)
      This isn’t that easy. VBA is much more powerful than just macros. The use of it is more akin to creating a stand alone application that happens to run through Office programs. The application may create, copy, scan or delete files, access data on the web, modify data, send emails, essentially do anything you can think of. I’ve written programs similar to windirstat within VBA and that only takes a couple hours to make. Entire accounting systems run on VBA and do things no doubt that could be considered a virus or malware were it a random file downloaded from the internet. Blocking certain macros would cause most programs not to work at all.
    • MS could simply improve Defender to recognize malicious vs legitimate macros and block the bad ones.

      If we could identify malicious actions from intentional ones we wouldn't have malware. The problem is false positives. And no there are not other protection platforms that do this effectively, there are other platforms which are an outright fucking pain in the arse to legitimate users, or are useless to the point of irrelevance.

      This change won't matter anyway, the only macros being blocked are in untrusted files. Anything you or someone in your organisation authors will run just fine. And if you want to sho

  • I mean, it is pretty clear how: Either sandbox the whole thing and put all file-access (including execution) in a restricted, controlled and limited virtual file system. Or add some "secure" mode where macros cannot execute files, cannot write files and, as highest level, cannot read files.

    But apparently MS cannot do anything like this, which would not restrict purely document-local macros at all. This is one more reason why I think MS has lost control of MS Office in the sense that they do not have the ski

    • by thegarbz ( 1787294 ) on Saturday July 23, 2022 @12:18PM (#62727434)

      Either sandbox the whole thing

      Did you just write: "break macros everywhere" without realising it? The whole power of macros is that they have incredible access outside of the scope of the system they are running. I myself have many thanks to my employer a shitton of excel and word files which contain macros that generate powerpoint slides and write them to various places. I've seen organisations use macros to read and write data from remote servers.

      The whole reason MS is so delicate with the situation is they know that macros are used well beyond the scope of the document or even application they are used in.

      You're right, MS cannot do anything like this, it would break too many user applications.

  • ..."That functionality is no longer available. Deal with it" tomorrow.
