Microsoft just made this controversial change to boost your PC security
Microsoft is making a small change in the way that Office files downloaded from the internet are handled on PCs — but the change should lead to a huge improvement in computer security.
Specifically, Microsoft said in a blog post last week, it is making it harder to run macros, tiny but powerful scripts — really mini-programs — that can be embedded into Word documents, Excel spreadsheets, and PowerPoint, Access and Visio files.
“We will continue to adjust our user experience for macros, as we’ve done here, to make it more difficult to trick users into running malicious code via social engineering while maintaining a path for legitimate macros to be enabled where appropriate via Trusted Publishers and/or Trusted Locations,” said Microsoft manager Tristan Davis in the blog post.
The change will begin rolling out in April for users on the Office Preview version 2203. It will then spread to regular consumer and business users and older versions of Office, all the way back to Office 2013, over the next couple of years. Microsoft Office on Macs, Android or iOS devices or the web-based Office won’t be affected.
“This is potentially a game changer for the cybersecurity industry and, more importantly, customers,” tweeted Windows security expert Kevin Beaumont.
This is potentially a game changer for the cybersecurity industry and, more importantly, customers. The world has changed since VBA was around. It’s a big deal to fix this.It needs to be widely available within a year, and backported to supported non-O365 versions too.February 7, 2022
Let’s say your company has a new name, and so you write a small script that at the click of a mouse changes all instances of “Acme Enterprises” in a Word doc to “Weyland-Yutani Corporation” — that’s a macro.
Convenient, right? That’s why Microsoft has let Office users write and use macros since the mid-1990s. But hackers quickly began to use macros to spray malware, steal passwords and create remote backdoors in computer systems.
Malicious macros inserted into innocent-looking Word and Excel files that can be emailed are downloaded are now responsible for a huge chunk of hacking attacks. Beaumont estimates that 25% of ransomware…