The Death of “Please Enable Macros” and What it Means

/in




February 14, 2022





On the 7th of February, Microsoft announced an impending change to its ubiquitous suite of Office apps. In Microsoft’s own words: “VBA macros obtained from the internet will now be blocked by default”. The change is expected to begin rolling out in early April.




Technically speaking, VBA macros were already “blocked by default” before. Upon opening a document containing such a macro, the user would be greeted with the following prompt:




And upon clicking this single button, Macros would be enabled. Following this change, for files that originated in the internet, the user would instead see this prompt:




The “learn more” button leads to a short article where Microsoft explains to the end user that macros “are often used by people with bad intentions to distribute malware to unsuspecting victims” and “aren’t required for everyday use like reading or editing a document in Word or using Excel workbooks”. Most importantly, the article stresses, “no legitimate company will make you open an Excel file to cancel an order and you don’t need macros just to read a document in Word”.




After all these admonitions, if the user is still interested in running the offending document macros, Microsoft provides a 4-step process under a collapsible. The process involves manually saving the file to the hard drive, then digging inside the file properties and explicitly clicking a checkmark box titled “unblock”.








This decision did not come about in a vacuum. Starting in the early 2010s, macros in MS-Word documents slowly gained ground and eventually became the most popular vector of infection for the average cybercriminal peddling commodity malware. This rise in popularity was preceded by a long and unusual history: in fact, like the cure for scurvy, VBA malware had to be discovered twice – having been forgotten and become lost to history after the first time. 




The first load-bearing document was a proof-of-concept created all the way back in 1994, during the stone age of POGs, Power Rangers, the Clinton Administration and dial-up internet. Up until then, it was…

Source…