Microsoft announced this week that it will disable, by default, the display of XLM-type macros in Excel for Office business users 365. The measure comes as a way to combat cybercriminal attacks and encourage the use of the resource in its VBA format, which has checks and other safeguards that guarantee its security and protect against remote code display.
- Thousand Gmail accounts are targets of Russian virtual attack with phishing bait
- Travel and leisure sectors are targeted by cybercriminals in Brazil
- Twitch source code and confidential information leaks on the internet
Among phishing attacks, the use of macros from Office documents has been a preferred vector for crooks, that disguise their offenses as spreadsheets, invoices and other documents supposedly sent by partners or customers. From there, campaigns are launched that can lead to data and credentials theft, installation of malware on computers or servers; and, in the main danger of the present time, ransomware scams.
The change takes place this October, initially for users of the insider program, and must be completed for all Excel users by mid-December. As of the update, the change becomes the default for new software installations, with the XLM macro display having to be enabled directly by clients or administrators, from application policies.
Want to catch up on the best tech news of the day? Go and subscribe to our new channel on youtube, Canaltech News.
Every day a summary of the main news in the tech world for you! Also about them, the company enforces that current organizational settings will not be changed after the upgrade — if the resource display is enabled, or not, it will be kept as such until a responsible person makes some kind of change. The recommendation, of course, is for corporations to keep the feature turned off; and prefer to use VBA-type macros, which are more secure.
Every day a summary of the main news in the tech world for you!
Also about them, the company enforces that current organizational settings will not be changed after the upgrade — if the resource display is enabled, or not, it will be kept as such until a responsible person makes some kind of change. The recommendation, of course, is for corporations to keep the feature turned off; and prefer to use VBA-type macros, which are more secure.
I thought the Messiah would come faster than this. Microsoft to disable macro by default in Excel 4.0 pic.twitter.com/BOvBrxtCI6
— Omri Segev Moyal (@GelosSnake) October 7, 2021
The XLM standard for macros was originally introduced in 2021 , while the more protected alternative, VBA, came the following year. This second one was further developed and, Microsoft hoped, should become a standard, but that’s not what happened. As with antiquated technologies such as Flash, the openings of the old system have fallen in favor of criminals, leading companies in the sector to take drastic changes of this type.
In the press release on the subject , Microsoft doesn’t go into that kind of detail, but says it wants to deliver a more secure standard experience for its users. Despite the change, the recommendation is to pay attention to attachments and executable files that arrive by email, which should only be opened if the user is sure of the file’s origin; protection software should also always be kept active and up to date, as well as apps and other tools used on a daily basis.
Source: Microsoft (via Omri Segev Moyal, Twitter)
Did you like this article?
Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.