News
Comment: Microsoft disables Office doc macros
February 2022 by Joseph Carson, Chief Security Scientist at Delinea
Following the news that Microsoft took the decision to disable macros in Office docs by default after years of calls from the industry to do so, the comment from
Joseph Carson, Chief Security Scientist at Delinea:
“The implications of turning Macros off by default is a huge win for security as it significantly reduces the potential victim scope of macro-based attacks for cybercriminals. In the past, we relied heavily on users to make security decisions on macros with a warning - this can potentially reduce the risks from curious employees who may just accept the warning and run the macro that could result in stolen credentials or a fully compromised machine. The issue lies in how quickly organizations can upgrade to this version as office upgrades can typically take a long time, though at least those who have moved to cloud solutions should benefit sooner.
For those industries that heavily rely on macros such as financial or accounting industries, the hope is that Microsoft will at last make it simple enough for individuals to turn it on for on demand purposes on approved documents and scanned documents.“
