It is enough that a program, or service, is popular for hackers to look for ways to take advantage of it to carry out their computer attacks. Word documents and Excel spreadsheets are Office documents that are used daily, both personally and professionally and in companies. Therefore, they are a perfect hook to be able to distribute malware through the Internet. And, for this, a function present in these programs has been used for years: the macros.
A macro is a piece of code designed, especially, to automate all kinds of repetitive tasks so that we can write documents with much more productivity. However, hackers have taken advantage of this feature to embed malicious code within documents, which remotely downloads and installs malware on computers just by opening a document.
A few weeks ago, Microsoft introduced a change in office designed precisely to put an end to these problems: block macros by default in all documents to avoid its use. However, many companies expressed their dissatisfaction with the decision, finally forcing Microsoft to back down and re-enable the use of macros in documents downloaded from the Internet.
Now, after turning this new security measure on and off, Microsoft has finally decided to turn it back on. And this time yes, definitively. Therefore, as of today, a new update is available for all Office products (Word, Excel, PowerPoint, etc.) with which macros will be blocked by default in all documents that have been downloaded from the Internet. When trying to open one, with embedded code, we can see a message like the following.
Instead of seeing a button that allows us to enable editing and edit the code, we will now only see a message that tells us that macros have been blocked for security, and nothing else. Thus, it is impossible for us to be tricked into clicking and inadvertently allowing this type of code.
How to allow macros in Office
But what if we need to run a trusted document with this type of code? There are several ways to do it. The first is to open its properties window, and in the tab “General” We will find a section that will indicate that the document may be dangerous and that it will be blocked to protect us. Next to it, a box that we can check to unlock the document and allow code execution.
Microsoft also allows you to add domains to system trusted websites. And also change the group policies to allow the execution of this dangerous content inside the documents. We can see more ways to allow macros on our computer in the official Office documentation that Microsoft has left us.
But, from today, by default all users will be protected from this threat.