Why it matters: Microsoft Office files have long been a popular vector for malware. Now Microsoft is changing Office's default behavior in its latest attempt to make Office applications more secure. This change will apply to Office versions going back several years.
In a blog post this week, Microsoft announced that it's adding an extra step in activating macros in Office files downloaded from the internet. Instead of being activated with a single click, Office applications will now show users a warning message they'll have to get through first.
The change applies to Windows versions of Access, Excel, PowerPoint, Visio, and Word. The update will come to Office 365 first, starting with the version 2203 preview in April. Later on, it will come to Office LTSC and standalone Office 2021, 2019, 2016, and 2013.
Macros are automated processes that users can build into Office files. Hackers have long used them to deliver malware payloads in files sent to victims. In September, Microsoft had to close another large vulnerability in Office and other Microsoft products.
Macros previously had a notification warning users of their risks, but the new message has a more serious tone and a button that leads to more information about risky macros. It even brings users through a checklist of questions highlighting typical social engineering behavior.