Back in February I applauded Microsoft for taking a decisive step in the fight against macro malware. Here's part of what I wrote:
…more than 25 years after it first distributed the Concept virus on CD-ROM and kickstarted the whole problem, Microsoft has done something which might be more successful at stopping the spread of macro malware.
Microsoft has announced that… it's changing the default behavior of Office applications so that they block macros in files from the internet.
What's more, it won't give users a simple one-click way to allow the macros to run, foiling a lot of the social engineering tricks commonly used by cybercriminals.
According to Microsoft, its products would no longer display a yellow warning strip along the top of documents containing macros which – with some clever social engineering – could dupe unsuspecting users into clicking an "Enable Content" button and allowing the malicious macros to run.
Instead, the new version would see a redesign (no more yellow, hello red strip!) without an oh-so-tempting-and-oh-so-dangerous "Enable Content" button.
SECURITY RISK: Microsoft has blocked macros from running because the source of this file is untrusted. <Learn More>
Unfortunately, things haven't gone as smoothly as Microsoft (and, indeed, the rest of us) might have hoped:
Update on July 6, 2022: Based on feedback, we're rolling back this change from Current Channel. We appreciate the feedback we've received so far, and we're working to make improvements in this experience. We'll provide another update when we're ready to release again to Current Channel. Thank you.
In other words, Microsoft has rolled back its plans. Which is good news for hackers who can continue to rely on the years-old technique of hiding malicious macros inside Office documents – for now at least.
Hopefully Microsoft will resolve whatever issues have bubbled up with its planned macro block, and will have another stab soon at killing such a common vector of attack.