Microsoft resuming default block of Office VBA macros

Microsoft confirmed that it is resuming the roll out of a popular change that blocked Visual Basic for Applications (VBA) macros by default in a variety of Office apps.

The tech giant faced backlash two weeks ago after it announced a temporary decision to roll back the change, telling The Record that because of “user feedback” they decided to roll back the change “temporarily” while they “make some additional changes to enhance usability.” Macros are series of commands used to automate a repeated task, but have frequently been used by hackers as vehicles for malware.

The company did not say how long the pause would last, but on Wednesday evening, it updated the webpage about the feature, which applies to the programs Access, Excel, PowerPoint, Visio and Word.

“We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios,” the company said. 

Microsoft provided two links for users and IT administrators with detailed information on how to handle different scenarios related to the change. 

Microsoft declined to provide information about why the effort was paused, but several experts said customers in the banking and financial sectors complained about the new feature. 

Michael Tal, technical director of Votiro, told The Record that he works closely with partners from those sectors and explained that macros play “an integral part of our client's business workflows.” 

The initial block caused a “massive hindrance on business productivity,” he said. 

“Macros are a powerful tool in the financial sector, as they are used to create robust financial modeling, calculate loan interest, automate repetitive, labor-intensive tasks – they are recorded sets of actions which can be run to save time and labor,” he said. “It is also used to simplify budget forecasting and makes a difference in a day-to-day workload of any entity who's using it as it speeds up the process to generate a task after finalizing the creation of the macro and setting the variables.”

Tal added that while he understood Microsoft’s desire to combat malware like Emotet, Trickbot, Qbot and Dridex, they should have come up with a more creative approach to deal with legitimate business use cases for macros and allow for continuity without compromising security.

Despite their usefulness, cybersecurity researchers and Microsoft itself have long said cybercriminals and hackers send macros in Office files to people who unknowingly enable them, allowing malicious payloads to be delivered. In many cases, malware is delivered and there have been countless instances of data theft, remote access, ransomware and more.   

The issue was highlighted in May with the “Follina” vulnerability, which experts said was an example of how macros made Office more flexible but also gave threat actors a way to exploit user files.