IT House February 8 news that if you are a microsoft office power user, you should know about VBA macros. Macros support many business automations in Office and are the precursor to more modern solutions like Power Automate, helping to automate repetitive tasks. But because they're so common and so easy to write, they've also become a vector for bad actors to deliver malicious attacks, sending "useful" macros to business users and then unwittingly bringing convenience while introducing malware, identity leaks, data loss, and remote access.
To help change that, today Microsoft announced that "VBA macros obtained from the Internet will now be blocked by default":
"This change only affects Office on devices running Windows, and only affects the following applications. Access, Excel, PowerPoint, Visio, and Word. This change will begin in the 2203 release, starting with Current Channel (Preview) in early April 2022. After that, the change will be available in other update channels, such as Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel.
We also plan to make this change to Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013 at a future date. ”
Office programs will no longer enable these potentially unwanted macros by default, but will instead display a security risk warning and provide a link to learn more.
Microsoft enables enterprises to manage policies that prevent macros from the Internet from running in Office and recommends that users only open files from trusted locations, and/or digitally signed files. Office administrators can learn more from this Microsoft Docs page.
While VBA macros are still useful and powerful tools, running untrusted macros obtained from the internet is never a good idea, and it's great to see Microsoft take action to prevent this common security vulnerability.
![Office iOS/iPadOS version upgrade the new design, how about Microsoft's technology?[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)