Following the news of Microsoft’s decision to roll back its default disabling of Office Macros, expert commented below.
“It’s unfortunate and disappointing that Microsoft is walking back their security by default initiative around office macros. Disabling office macros by default would have been a huge step forward for securing one of the most tried and tested attack paths, since malware like Quakbot and Emotet are distributed through these kinds of malicious docs, wreaking havoc on organizations worldwide. Whether this was rolled back due to technical concerns or customer feedback, office users are less secure today than they were last week; security teams need to be on high alert, and re-remind users about the risks of active content in office docs. While I was surprised to hear that there were plans to address it with a default macro disable, I’m even more surprised that those plans are being backpedaled.
“Overall, the question of usability vs. security is a huge problem to solve, but the user hurdle of disabled macros is a far smaller price to pay than picking up the pieces of a successful Emotet attack. This attack path has been a well known problem for decades and unfortunately, the approach to mitigating the risk of macros has always been on the end user, rather than fix at the source. I would be prepared for a spike in macro based cyber attacks, now that this attack path has been made easier again.”
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics