Saturday, July 9, 2022
HomeInformation SecurityMicrosoft rolls again plan to dam macros by default • Graham Cluley

Microsoft rolls again plan to dam macros by default • Graham Cluley


Again in February I applauded Microsoft for taking a decisive step within the struggle in opposition to macro malware. Right here’s a part of what I wrote:

…greater than 25 years after it first distributed the Idea virus on CD-ROM and kickstarted the entire downside, Microsoft has performed one thing which is perhaps extra profitable at stopping the unfold of macro malware.

Microsoft has introduced that… it’s altering the default conduct of Workplace purposes in order that they block macros in information from the web.

What’s extra, it gained’t give customers a easy one-click method to enable the macros to run, foiling a lot of the social engineering methods generally utilized by cybercriminals.

In line with Microsoft, its merchandise would not show a yellow warning strip alongside the highest of paperwork containing macros which – with some intelligent social engineering – might dupe unsuspecting customers into clicking an “Allow Content material” button and permitting the malicious macros to run.

As an alternative, the brand new design would see a redesign (no extra yellow. hey crimson strip!) with out an oh-so-tempting-and-oh-so-dangerous “Allow content material” button.

SECURITY RISK: Microsoft has blocked macros from working as a result of the supply of this file is untrusted. <Study Extra>

Sadly, issues haven’t gone as easily as Microsoft (and, certainly, the remainder of us) might need hoped:

Replace on July 6, 2022: Based mostly on suggestions, we’re rolling again this transformation from Present Channel. We respect the suggestions we’ve acquired to date, and we’re working to make enhancements on this expertise. We’ll present one other replace once we’re able to launch once more to Present Channel. Thanks.

In different phrases, Microsoft has rolled again its plans. Which is sweet information for hackers who can proceed to depend on the years-old strategy of hiding malicious macros inside Workplace paperwork – for now a minimum of.

Signal as much as our publication
Safety information, recommendation, and suggestions.

Hopefully Microsoft will resolve no matter points have bubbled up with its deliberate macro block, and can have one other stab quickly at killing such a typical vector of assault.

Discovered this text fascinating? Comply with Graham Cluley on Twitter to learn extra of the unique content material we submit.



Graham Cluley is a veteran of the anti-virus trade having labored for quite a lot of safety firms for the reason that early Nineteen Nineties when he wrote the primary ever model of Dr Solomon’s Anti-Virus Toolkit for Home windows. Now an unbiased safety analyst, he usually makes media appearances and is an worldwide public speaker on the subject of pc safety, hackers, and on-line privateness.

Comply with him on Twitter at @gcluley, or drop him an electronic mail.



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments