HomeTechnologyMicrosoft's Small Step to Disable Macros Is a Huge Win

Microsoft’s Small Step to Disable Macros Is a Huge Win


master mentalism tricks

Tricking someone into enabling macros on a downloaded Microsoft Excel or Word file is an old hacker chestnut. That one click from a target creates a foothold for attackers to take over their devices. This week, though, Microsoft announced a seemingly minor tweak with massive implications: Beginning in April, macros will be disabled by default in files downloaded from the internet.

Macros are small pieces of software used to automate tasks like data collection without the need to develop additional tools or applications. They can be written directly in Microsoft’s Visual Basic for Applications programming language, or set up through translation tools that will turn a series of steps into a VBA macro, no coding skills required. Businesses rely on them heavily, especially those with legacy infrastructure, and they play a crucial role in everything from financial services to government organizations. But as an individual Microsoft 365 user, it’s not unusual if your only interaction with macros has been clicking that pesky “allow” button—or knowing avoidance.

For attackers, being able to write little programs within massive, trusted applications like Excel or Word creates the opportunity to develop what are essentially macro viruses. Bad actors can also craft these programs to automatically download and run additional malware on victim devices. As a result, whether you use the feature in your daily life or not, everyone has faced risk from it for decades, making Microsoft’s move this week all the more significant.

“A few years from now, we’ll look back on this announcement as the single biggest change Microsoft made for mitigating threat actor initial access,” says incident responder and former NSA hacker Jake Williams. “Your apex-grade threat actors or the NSO Groups of the world aren’t using this stuff anymore anyway, but this will impact scammers, ransomware groups, and other criminals for sure.”

At least a quarter of ransomware attacks against businesses or other organizations start with phishing attempts, which often dangle a malicious document laced with tainted macros, according to Brett Callow, a threat analyst at the antivirus company Emsisoft.

“I’m very happy about Microsoft’s announcement,” Callow says. “Cybercriminals, on the other hand, will be far from happy. Really, the change was long overdue.”

“We are always working to improve security,” said a Microsoft spokesperson in a statement. “Our products currently provide a warning to all customers that requires them to click before running macros from the internet. This new feature goes even further with an extra step to protect customers in everyday scenarios.” The company declined to say specifically why it took the step now and had not done it sooner.

The answer likely involves the tension between the needs of Microsoft’s big, macros-dependent customers and the desire to tamp down macros-related attacks once and for all. In Windows 10 and 11, a feature called Microsoft Defender Application Guard has made it much more difficult for attackers to get meaningful access from what would have previously been successful macros-related attacks. But Application Guard is mostly intended for enterprise devices, and many consumer Windows computers still don’t support it. And in general, the vast universe of old and outdated Windows devices keeps trucking without advanced defenses.

Read The Full Article Here


trick photography
Advertisingfutmillion

Popular posts

Little Ones – first-look review
Ezra Miller Legal Issues Continue, Charged With Felony Burglary
Predator Movies Ranked Following Prey
‘Curb Your Enthusiasm Shot a Larry Death Scene
The Bella Twins Reflect on Their WWE Impact Ahead of
Comic-Con Portraits of ‘Ghosts,’ ‘Prey,’ ‘Teen Wolf’ & More Stars
3 Ways to Hear Dialogue Better on TV
‘The Lord of the Rings’: The Rings of Power’ SDCC
On the Radar Latin: Alejo, Kevin Kaarl & More Emerging
U2 and Gladys Knight to Receive Kennedy Center Honors
Shonka Dukureh, Who Played Big Mama Thornton in Baz Luhrmann’s
Jury orders Alex Jones to pay Sandy Hook parents $49
My Mum is 71 and Loves Zara—Here Are 6 Trends
I Just Tried On M&S’s Best-Selling Jeans, and I’m Officially
Here Are The 3 Products Brittany O’Grady Swears By For
Shop Sunburn Blush Shades for Summer
3 Audiobooks Featuring Journeys, Internal and External
Using Nonfiction Comics for Learning
BookTrib Giveaway: Living a Healthy Lifestyle Isn’t as Hard as
Interview with Vincent Howard, Author of Crossroad
Moderate drinking linked to brain changes and cognitive decline
Technologies for single-cell RNA profiling can help dissect the cellular
Claims that girls have a ‘natural’ aversion to physics are
Don’t Fear China’s Falling Rocket—Fear the Future It Foretells
Oppo Tipped to Launch Two Foldable Smartphones Later This Year
The 10 Best TVs We’ve Tested (and Helpful Buying Tips)
Oppo and OnePlus halt sales in Germany after a court
Give Yourself Permission to Buy That Steam Deck