Whereas Microsoft introduced earlier this yr that it could block VBA macros on downloaded paperwork by default, Redmond stated on Thursday that it’ll roll again this modification based mostly on “suggestions” till additional discover.
The corporate has additionally failed to elucidate the explanation behind this determination and is but to publicly inform prospects that VBA macros embedded in malicious Workplace paperwork will now not be blocked routinely in Entry, Excel, PowerPoint, Visio, and Phrase.
“Primarily based on suggestions, we’re rolling again this modification from Present Channel,” the corporate notified admins within the Microsoft 365 message middle (underneath MC393185 or MC322553) on Thursday.
“We admire the suggestions we have obtained thus far, and we’re working to make enhancements on this expertise. We’ll present one other replace after we’re able to launch once more to Present Channel. Thanks.”
The change started rolling out in Model 2203, beginning with Present Channel (Preview) in early April 2022, with basic availability to be reached in June 2022, as BleepingComputer beforehand reported.
This was a welcome and extremely anticipated change, on condition that VBA macros are a preferred methodology to push a variety of malware strains (together with Emotet, TrickBot, Qbot, and Dridex) by way of phishing assaults with malicious Workplace doc attachments.
With VBA macros blocked by default, everybody was anticipating assaults that delivered malware (equivalent to information-stealing trojans and malicious instruments utilized by ransomware teams) to be routinely thwarted.
On techniques the place VBA macros aut0blocking is enabled, prospects see a “SECURITY RISK: Microsoft has blocked macros from working as a result of the supply of this file is untrusted” safety alert.
If clicked, the warning sends customers to an article containing details about the safety dangers behind risk actors’ use of Workplace macros and directions on enabling these macros if completely essential.
Confused customers asking for an evidence, extra transparency
Microsoft’s prospects have been the primary to note that Microsoft rolled again this modification within the Present Channel on Wednesday, with the previous ‘Allow Enhancing’ or ‘Allow Content material’ buttons proven on the high of downloaded Workplace paperwork with embedded macros.
“Is it simply me or have Microsoft rolled this modification again on the Present Channel?” one Microsoft Workplace consumer requested within the feedback of Microsoft’s February weblog put up saying that VBA macros can be disabled.
“It looks like one thing has undone this new default behaviour very not too long ago… perhaps Microsoft Defender is overruling the block?”
“Primarily based on suggestions obtained, a rollback has began. An replace in regards to the rollback is in progress,” replied Angela Robertson, a Principal GPM for Id and Safety on the Microsoft 365 Workplace staff.
“I apologize for any inconvenience of the rollback beginning earlier than the replace in regards to the change was made out there.”
One other buyer complained about Microsoft’s “lack of communication” after saying this modification and requested the corporate to share extra data on this rollback “elsewhere.”
“Your commonplace SMB and even mid-sized companies are going to implode if this will get absolutely applied in it is present kind,” the shopper stated.
“You appear to be catering to enterprises now which have very massive groups of individuals to handle your merchandise, and that is merely not the case for a lot of the consumer base. It must be simplified earlier than it is launched, and moreso, it must be successfully communicated.”
“Rolling again a not too long ago applied change in default behaviour with out no less than saying the rollback is about to occur could be very poor product administration,” one other added.
Whereas Microsoft has not shared the detrimental suggestions that led to the rollback of this modification, customers have reported that they’re unable to seek out the Unblock button to take away the Mark-of-the-Internet from downloaded information, making it unattainable to allow macros.
Different admins felt that the choice was an issue for end-users who would discover it burdensome to unblock information that they obtain every single day, if not a number of instances per day.
Replace July 0, 03:57 EST: In response to our questions as to why they’re rolling again this modification, a spokesperson advised us Microsoft “doesn’t have something extra to share.”