Microsoft appears to have quietly reversed a February 2022 policy to block Visual Basic for Applications (VBA) macros by default across five of the most used Office applications, citing negative user feedback.
The policy was introduced on the basis that removing the single-click “Enable content” button, and putting extra click-throughs and reminders in users’ path instead, would make it harder for threat actors to trick them into opening malicious attachments carrying malware payloads. The change was made at least in part because of the ongoing prevalence of remote working.
However, as first reported by Bleeping Computer, Redmond now appears to have put the brakes on the policy and begun a rollback – which may yet prove temporary.
The rollback was first spotted by Microsoft users puzzled as to why the old security warning had reappeared on documents containing VBA macros, as opposed to the new block notice that they were becoming used to.
UK-based user Vince Hardwick was first to query the change on Microsoft’s Tech Community forums after running into difficulties attempting to demonstrate the new policy for a YouTube video he was making.
Responding to Hardwick’s query on the forums, Angela Robertson, Microsoft 365 Office Product Group principal GPM for identity and security, said: “Based on feedback received, a rollback has started. An update about the rollback is in progress. I apologise for any inconvenience of the rollback starting before the update about the change was made available.”
Other users, including Hardwick, voiced frustration that Microsoft had failed to communicate the rollback to them.
The nature of the feedback that Robertson referred to is unclear. If the decision to roll back is indeed based on user feedback, it is unlikely to be the feedback of the security community, which had generally welcomed the move in the hope that it would improve organisational security by cutting off an easy way for cyber criminals to establish initial access into their targets, i.e. by emailing them malicious documents or spreadsheets.
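Whether or not Microsoft’s default block survives, the same behaviour described above (macros in files from the internet blocked outright, with no one-click enable) can be enforced by administrators through Office’s Trust Center policy settings rather than relying on the product default. The script below is an added example written for this article, not code from Microsoft or from anyone quoted here. It assumes the five applications are Word, Excel, PowerPoint, Access and Visio (the apps named in Microsoft’s February 2022 announcement), that the installed Office uses the `16.0` registry version key (Office 2016, 2019, 2021 and Microsoft 365), and it writes the per-user policy values that the Group Policy settings “Block macros from running in Office files from the Internet” and “VBA Macro Notification Settings” would write. The function and parameter names are this example’s own.

```powershell
# Added example (not from the article). Enforces the internet-macro block and a
# signed-macros-only notification setting for five Office apps via the per-user
# policy hive, then audits the result. Run in the context of the user whose
# Office settings should be locked down; at scale, push the same values with a GPO.

# Assumption: the five apps covered by Microsoft's February 2022 announcement.
$Apps = 'Word', 'Excel', 'PowerPoint', 'Access', 'Visio'
# Assumption: Office 2016/2019/2021/Microsoft 365 all use the 16.0 version key.
$OfficeVersion = '16.0'

function Get-SecurityPolicyKey {
    param([Parameter(Mandatory)] [string] $App)
    "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
}

function Set-MacroBlockPolicy {
    <#
      Writes the policy values for one app:
        blockcontentexecutionfrominternet = 1
            "Block macros from running in Office files from the Internet" = Enabled
        VBAWarnings = 3
            "VBA Macro Notification Settings" = Disable all except digitally signed macros
    #>
    param([Parameter(Mandatory)] [string] $App)

    $key = Get-SecurityPolicyKey -App $App
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    New-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $key -Name 'VBAWarnings' `
        -PropertyType DWord -Value 3 -Force | Out-Null
}

function Get-MacroBlockPolicyState {
    # Reports, per app, whether both policy values are set as expected.
    foreach ($app in $Apps) {
        $key = Get-SecurityPolicyKey -App $app
        $block = $null
        $warn  = $null
        if (Test-Path -Path $key) {
            $props = Get-ItemProperty -Path $key
            $block = $props.blockcontentexecutionfrominternet
            $warn  = $props.VBAWarnings
        }
        [pscustomobject]@{
            App                    = $app
            BlockInternetMacros    = $block
            VBAWarnings            = $warn
            Compliant              = ($block -eq 1) -and ($warn -eq 3)
        }
    }
}

# Apply to all five apps, then show the audit table.
foreach ($app in $Apps) { Set-MacroBlockPolicy -App $app }
Get-MacroBlockPolicyState | Format-Table -AutoSize
```

Policy values under `HKCU\Software\Policies` take precedence over the user’s own Trust Center choices and over Microsoft’s shipped default, so the block stays in force regardless of which notice the product currently shows by default. Audit after any Office update by re-running `Get-MacroBlockPolicyState`; a `Compliant` value of `False` for any app means the value was removed or never applied.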
Security experts have already responded, describing Microsoft’s move as…