Microsoft will block VBA macros in Office by default
Microsoft is going to make it harder for Office users to run downloaded Visual Basic for Applications macros. Users will see that the macros are locked and execution will only be possible by manually unlocking the files.
Currently, Microsoft shows in documents with VBA macros that they can contain malicious content. Users can still activate the macro with a single push of a button at that warning. In the new situation this is no longer the case. Users will then see a red notification with the text: ‘Security risk’ and a button for more information. It is no longer possible to activate the macros from that message. This is only possible if users manually remove the lock in the properties of the file.
New notification
Microsoft says it is making the changes to protect users from malicious software. Macros in Office programs have been a means for criminals to gain access to systems for decades. Security researcher Marcus Hutchins, who managed to stop the WannaCry malware, welcomes the move, but is also cynical about it. He is writing: “30 years and billions of malware infections later, Microsoft has decided to do the bare minimum.”
The change will first be reflected in the Office preview in early April. Sometime after that, the change should be applied to all Microsoft 365 users. The blocking of VBA macros is coming to the Windows versions of Access, Excel, PowerPoint, Visio, and Word. Older Office versions are also blocked. This concerns Office LTSC, Office 2021, Office 2019, Office 2016 and Office 2013.