What are macros and what risks do they represent to security?
Microsoft recently caused a storm on the Internet after announcing it would block macros in documents downloaded from the web in the latest versions of its popular productivity suite Office. According to the company, the aim is to improve security and fight the spread of malware that abuses the function.
But do you even know what Office macros are and what risks they represent? Macros are little more than small scripts (or codes) embedded in documents, usually Word or Excel, created to automate tasks. The original idea was for users to create their own macros to save time on routine tasks, configuring a series of commands and instructions to perform an action that would usually take a long time if done traditionally.
However, cybercriminals soon noticed that macros were easy to code. As such, they began to create malicious codes and spread documents contaminated with macros filled with malware through phishing campaigns.
Control measures
Even though macros are multi-platform (that is, they also function in the Office suite version for macOS and they exist in other productivity suites), the Microsoft Office package for Windows is unquestionably the most popular in the market. As such, it’s natural for cybercriminals to concentrate their efforts on creating specific threats for these programs.
Having realized there was no stopping the infection strategy, Microsoft updated its suite to prevent macros from running automatically. Right below the edit menu, a small notice warned that the file contained macros and that running it was at the user’s own risk. Basically, to enable all the editing resources and allow the macro to be reproduced, users have to authorize the action by clicking on a button.
And from that point on, it became a common cybersecurity hygiene habit to not open Office documents sent by suspicious or unknown senders. Obviously, not all Internet users respect this rule and, as such, macro-based malware has become increasingly complex, used to steal personal data and even create paths for ransomware infections in entire corporate networks. All things considered, the company founded by Bill Gates felt obliged to adopt drastic measures.
The end of malicious macros?
As mentioned earlier, from now on, in the latest versions of Office, macros running in documents from the web will be blocked as standard, aimed at increasing user protection. However, it will still be possible to allow macros to run by enabling the option in the document settings. But it’s worth thinking twice before doing so.
“Based on our review of client feedback, we’ve made updates to both our end users and our admin documentation to make it clearer which options you have in different scenarios”, explained a representative.
For now, the restriction is limited to the 2206 version of Office 365 (the current version acquired through a subscription) in Access, Excel, PowerPoint, Visio and Word. It is worth reiterating that the measure, at least for now, does not impact older editions of the suite, like Office 2019.