Following the news that Microsoft took the decision to disable macros in Office docs by default after years of calls from the industry to do so, please find comment below.
This is a long-awaited change by the cyber security industry which is expected to greatly reduce the chances of harmful malware being delivered via phishing emails. However, it won’t completely remove the threat. This change should not impact the small number of users who are required to run macros as a legitimate business function as it will only change the default behaviour, which admins can change on a case-by-case basis. It’s great to see a secure by design approach which would protect the majority of users as opposed to leaving security up to the untrained user.
Any move towards security as a default, and not an option, is a real positive change. Complexity is a serious barrier to security and this change will help many organizations protect themselves. Threat actors will adapt, but macros have been a prevalent threat for a long time and this change will raise the cost and complexity for attackers.
Last edited 1 year ago by Callum Roxan
Joseph Carson , Chief Security Scientist & Advisory CISO
InfoSec Expert
February 9, 2022 3:07 pm
The implications of turning Macros off by default is a huge win for security as it significantly reduces the potential victim scope of macro-based attacks for cybercriminals. In the past, we relied heavily on users to make security decisions on macros with a warning – this can potentially reduce the risks from curious employees who may just accept the warning and run the macro that could result in stolen credentials or a fully compromised machine. The issue lies in how quickly organizations can upgrade to this version as office upgrades can typically take a long time, though at least those who have moved to cloud solutions should benefit sooner.
For those industries that heavily rely on macros such as financial or accounting industries, the hope is that Microsoft will at last make it simple enough for individuals to turn it on for on demand purposes on approved documents and scanned documents.
This is a long-awaited change by the cyber security industry which is expected to greatly reduce the chances of harmful malware being delivered via phishing emails. However, it won’t completely remove the threat. This change should not impact the small number of users who are required to run macros as a legitimate business function as it will only change the default behaviour, which admins can change on a case-by-case basis. It’s great to see a secure by design approach which would protect the majority of users as opposed to leaving security up to the untrained user.
Any move towards security as a default, and not an option, is a real positive change. Complexity is a serious barrier to security and this change will help many organizations protect themselves. Threat actors will adapt, but macros have been a prevalent threat for a long time and this change will raise the cost and complexity for attackers.
The implications of turning Macros off by default is a huge win for security as it significantly reduces the potential victim scope of macro-based attacks for cybercriminals. In the past, we relied heavily on users to make security decisions on macros with a warning – this can potentially reduce the risks from curious employees who may just accept the warning and run the macro that could result in stolen credentials or a fully compromised machine. The issue lies in how quickly organizations can upgrade to this version as office upgrades can typically take a long time, though at least those who have moved to cloud solutions should benefit sooner.
For those industries that heavily rely on macros such as financial or accounting industries, the hope is that Microsoft will at last make it simple enough for individuals to turn it on for on demand purposes on approved documents and scanned documents.