Last week, Windows users started noticing that Microsoft had stopped blocking Internet-delivered VBA macros by default without making an announcement. Microsoft has now confirmed that the rollback is only a temporary measure.
Back in February, Microsoft announced that it would be taking steps to improve security by blocking Visual Basic for Applications (VBA) macros by default in certain Office apps. The security measure would apply to all Office files that are downloaded from the Internet. Microsoft already had a security feature that would prevent macros from running automatically, but that warning could be removed with a click of a button. The latest security feature would see a new security banner displayed if macros were detected.
The security measure applied to Access, Excel, PowerPoint, Visio, and Word on Windows, and would subsequently be rolled out for Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013. Clicking the ‘Learn More’ button directs the user to an article that provides more information on the security risks, such as bad actors using VBA macros to download malware silently on users’ devices, and information on how to enable macros and get around the block.
A few days ago, without any apparent announcement, Microsoft appeared to have rolled back the feature to the previous warning – The yellow security warning stating that macros had been disabled, with the option of removing the block by clicking the “Enable Content” button.
Microsoft has now confirmed that the rollback occurred based on the feedback received from Office users. Microsoft said the rollback was necessary to allow changes to be made to improve the user experience. The problem appears to be that the change has not been received well.
The change required users to enable macros specifically for each file by clicking on the file properties and unblocking the macros. For users that regularly deal with files that contain macros, the process of unblocking them is cumbersome, with some saying the process was difficult, and others found they could not enable macros at all.
What has added to the confusion was the lack of an announcement about the rollback. Microsoft claims it communicated to IT admins that the rollback was taking place, but the message clearly hadn’t gotten through to everyone. Microsoft has now confirmed that the rollback is only a temporary measure and that it is committed to its plan to block the macros by default but has not shared any details on what the changes to the security measure are likely to entail, nor has a timescale been provided on when the new rollout will take place.
In the meantime, it is possible to block macros by default through the Group Policy Management Console under User Configuration\Policies\Administrative Templates, which needs to be done for each office application. Details of how to do that can be found here.