HomeTechnologyMicrosoft's Small Step to Disable Macros Is a Huge Win

Microsoft’s Small Step to Disable Macros Is a Huge Win


master mentalism tricks

Tricking someone into enabling macros on a downloaded Microsoft Excel or Word file is an old hacker chestnut. That one click from a target creates a foothold for attackers to take over their devices. This week, though, Microsoft announced a seemingly minor tweak with massive implications: Beginning in April, macros will be disabled by default in files downloaded from the internet.

Macros are small pieces of software used to automate tasks like data collection without the need to develop additional tools or applications. They can be written directly in Microsoft’s Visual Basic for Applications programming language, or set up through translation tools that will turn a series of steps into a VBA macro, no coding skills required. Businesses rely on them heavily, especially those with legacy infrastructure, and they play a crucial role in everything from financial services to government organizations. But as an individual Microsoft 365 user, it’s not unusual if your only interaction with macros has been clicking that pesky “allow” button—or knowing avoidance.

For attackers, being able to write little programs within massive, trusted applications like Excel or Word creates the opportunity to develop what are essentially macro viruses. Bad actors can also craft these programs to automatically download and run additional malware on victim devices. As a result, whether you use the feature in your daily life or not, everyone has faced risk from it for decades, making Microsoft’s move this week all the more significant.

“A few years from now, we’ll look back on this announcement as the single biggest change Microsoft made for mitigating threat actor initial access,” says incident responder and former NSA hacker Jake Williams. “Your apex-grade threat actors or the NSO Groups of the world aren’t using this stuff anymore anyway, but this will impact scammers, ransomware groups, and other criminals for sure.”

At least a quarter of ransomware attacks against businesses or other organizations start with phishing attempts, which often dangle a malicious document laced with tainted macros, according to Brett Callow, a threat analyst at the antivirus company Emsisoft.

“I’m very happy about Microsoft’s announcement,” Callow says. “Cybercriminals, on the other hand, will be far from happy. Really, the change was long overdue.”

“We are always working to improve security,” said a Microsoft spokesperson in a statement. “Our products currently provide a warning to all customers that requires them to click before running macros from the internet. This new feature goes even further with an extra step to protect customers in everyday scenarios.” The company declined to say specifically why it took the step now and had not done it sooner.

The answer likely involves the tension between the needs of Microsoft’s big, macros-dependent customers and the desire to tamp down macros-related attacks once and for all. In Windows 10 and 11, a feature called Microsoft Defender Application Guard has made it much more difficult for attackers to get meaningful access from what would have previously been successful macros-related attacks. But Application Guard is mostly intended for enterprise devices, and many consumer Windows computers still don’t support it. And in general, the vast universe of old and outdated Windows devices keeps trucking without advanced defenses.

Read The Full Article Here


trick photography
Advertisingfutmillion

Popular posts

Hollywood Spotlight: Director Jon Frenkel Garcia
The Dutchman Cast: André Holland, Zazie Beetz & More Join
The Creator Reactions: Gareth Edwards’ Latest Is One of 2023’s
Company Paid Critics For Rotten Tomatoes Reviews
FBI Season 6 Episode 6 Review: Unforeseen
The Good Doctor Season 7 Episode 4 Review: Date Night
These Horror Book Series Would Make Great TV Adaptations
‘Constellation,’ ‘Manhunt’ & More Apple Stars Dazzle in Our Portraits
Bill McBirnie’s Reflections (For Paul Horn) 
“Be Big” by Stephanie Bettman
“Ride On” by Roots Asylum
Touch the Buffalo’s “Bodhicitta”
9 Boob Tapes That Work For All Busts, Shapes, and
Here’s Why Apple Cider Vinegar Is the Ingredient Your Hair
I Travel a Lot for Work—These Are the Useful Items
The Best Street Style Looks From the Fall 2023 Couture
Latest in Mystery Series Follows P
Children’s Book Phenom Anoosha Syed Launches Latest
Winter 2024 Pick: The Heaven & Earth Grocery Store
Bookshelf: Development Diary
Butterflies could lose spots as climate warms
The FDA recently approved semaglutide (Wegovy) for preventing serious heart
10 years after the deadliest US landslide, climate change is
Researchers pump brakes on ‘blue acceleration’ harming the world ocean
Killing TikTok
Comedy or Tragedy?
BYD Atto 3 Electric SUV With Blade Battery Technology Launched
Bitcoin Falls to $19,000 in Anticipation of Tighter Fed Policy