Microsoft Rolling Back Default Security Initiative, Expert Weighs In

Following the news of Microsoft’s decision to roll back its default disabling of Office Macros, expert commented below.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Ian McShane
Ian McShane , Field CTO
InfoSec Expert
July 12, 2022 8:31 am

“It’s unfortunate and disappointing that Microsoft is walking back their security by default initiative around office macros. Disabling office macros by default would have been a huge step forward for securing one of the most tried and tested attack paths, since malware like Quakbot and Emotet are distributed through these kinds of malicious docs, wreaking havoc on organizations worldwide. Whether this was rolled back due to technical concerns or customer feedback, office users are less secure today than they were last week; security teams need to be on high alert, and re-remind users about the risks of active content in office docs. While I was surprised to hear that there were plans to address it with a default macro disable, I’m even more surprised that those plans are being backpedaled.

“Overall, the question of usability vs. security is a huge problem to solve, but the user hurdle of disabled macros is a far smaller price to pay than picking up the pieces of a successful Emotet attack. This attack path has been a well known problem for decades and unfortunately, the approach to mitigating the risk of macros has always been on the end user, rather than fix at the source. I would be prepared for a spike in macro based cyber attacks, now that this attack path has been made easier again.”

Last edited 4 months ago by Ian McShane
1
0
Would love your thoughts, please comment.x
()
x