Five months after announcing plans to disable Visual Basic for
Applications (VBA) macros by default in the Office productivity
suite, Microsoft appears to have rolled back its plans.
“Based on feedback received, a rollback has started,” Microsoft
employee Angela Robertson said[1]
in a July 6 comment. “An update about the rollback is in progress.
I apologize for any inconvenience of the rollback starting before
the update about the change was made available.”
When reached by The Hacker News, Redmond said its decision to
reverse course was temporary and that it’s working to incorporate
further usability improvements.
“Following user feedback, we have rolled back this change
temporarily while we make some additional changes to enhance
usability,” a Microsoft spokesperson said. “This is a temporary
change, and we are fully committed to making the default change for
all users. Regardless of the default setting, customers can block
internet macros through the Group Policy settings described in
this
article[2].”
The company further said that it would share additional details
on the timelines in the upcoming weeks.
In February 2022, the tech giant said[3]
it was disabling macros by default across its products, including
Word, Excel, PowerPoint, Access, and Visio, for documents
downloaded from the web in an attempt to mitigate potential attacks
that abuse the functionality for deploying malware.
“Bad actors send macros in Office files to end users who
unknowingly enable them, malicious payloads are delivered, and the
impact can be severe including malware, compromised identity, data
loss, and remote access,” Microsoft noted at the time.
(Update: The story has been updated to include a statement
from Microsoft. The headline has been revised to reflect the fact
the changes are temporary.)
References
Read more https://thehackernews.com/2022/07/microsoft-quietly-rolls-back-plan-to.html