from the defense-is-your-own-responsibility dept.
Microsoft is reworking its Office VBA macro blocks:
Microsoft is rolling back a planned change to block Visual Basic for Applications (VBA) macros by default in a variety of Office apps. Announced earlier this year, Microsoft had been planning to prevent Office users from easily enabling certain content in files downloaded from the internet that include macros, in a move to improve security against malicious files. Microsoft had been testing this change ahead of a planned rollout to all Microsoft 365 users in June, but suddenly reverted the block on June 30th.
BleepingComputer reports that Microsoft notified IT admins last week that it was rolling back the VBA macro block based on feedback from Office users testing the changes. "We appreciate the feedback we've received so far, and we're working to make improvements in this experience," reads a Microsoft 365 message.
The unusual rollback has surprised some Microsoft 365 users, as many had been waiting years for Microsoft to be more aggressive about blocking macros from Office files. Hackers have been regularly targeting Office documents with malicious macros, and Office has typically prompted users to click to enable macros running with a simple button. Microsoft's planned changes meant Office users would only be able to enable the macros by specifically ticking an unblock option on the properties of a file.
See also: Microsoft rolls back decision to block Office macros by default
Related Stories
Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope:
A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA's James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems.
The development, revealed by Securonix, points to the growing adoption of Go among threat actors, given the programming language's cross-platform support, effectively allowing the operators to leverage a common codebase to target different operating systems.
[...] Phishing emails containing a Microsoft Office attachment act as the entry point for the attack chain that, when opened, retrieves an obfuscated VBA macro, which, in turn, is auto-executed should the recipient enable macros.
The execution of the macro results in the download of an image file "OxB36F8GEEC634.jpg" that seemingly is an image of the First Deep Field captured by JWST but, when inspected using a text editor, is actually a Base64-encoded payload.
[...] The binary, a Windows 64-bit executable with a size of 1.7MB, is not only equipped to fly under the radar of antimalware engines, but is also obscured by means of a technique called gobfuscation, which makes use of a Golang obfuscation tool publicly available on GitHub.
(Score: 3, Interesting) by deimios on Wednesday July 13 2022, @11:55AM (7 children)
Microsoft missed a huge opportunity when they didn't upgrade the macro engine in office. I'd love to have a VB.NET variant scripting language in office.
I sincerely hate macros but for some workloads there is no better tool that can be deployed as fast.
(Score: 5, Informative) by Hyper on Wednesday July 13 2022, @12:36PM
Microsoft misses so many good opportunities but don't worry they are doing as much damage as they can as fast as they are able to make up for it
(Score: 4, Funny) by RamiK on Wednesday July 13 2022, @01:03PM (1 child)
Excel's new lambda function makes it Turing-complete [microsoft.com] so feel free to compile a VBA interpreter straight into your spreadsheet template :D
compiling...
(Score: 0) by Anonymous Coward on Wednesday July 13 2022, @09:43PM
You already could do that before it was Turing complete. It would be more difficult, but it is still possible. Emulating the environment and library interfaces functionally would be the hardest part.
(Score: 2) by Mykl on Wednesday July 13 2022, @11:03PM
I use VBA Macros (Outlook and Excel, separately) in some of my day-to-day work. They're handy and save me a fair bit of admin time.
The biggest problem as I see it is that VBA's abilities extended too far. Being able to change system settings and write to the OS directory from a MS-Word document should never have been possible. If the language had been set up to only read and write files from an approved directory folder, and to limit the system calls that can be made, the vast majority of VBA script would continue to work successfully without opening users to the myriad of security holes that it does today.
(Score: 2) by canopic jug on Thursday July 14 2022, @06:25AM (2 children)
Microsoft missed a huge opportunity when they didn't upgrade the macro engine in office.
Macros are a bad idea, but at least LibreOffice can do Python in its macros and has been able to do so for years. M$ could have taken a page from that book. How much trouble could M$ have saved if they stopped throwing good money after bad and dropped VB like they should have years ago? Then on the other hand, a lot more mischief can happen using Python simply because there's so much more you can do with it, and that would include the bad actors as well.
Money is not free speech. Elections should not be auctions.
(Score: 0) by Anonymous Coward on Thursday July 14 2022, @06:56PM
In your second part you explain why that wouldn't have fucking helped.
Are you like schizo or something?
(Score: 0) by Anonymous Coward on Thursday July 14 2022, @08:54PM
They could have met in the middle you know. Just because they are implementing the languages doesn't mean they have to implement the entire standard library or can't put additional restrictions on top. Out of all possible times, that would have been the perfect time to do so.
(Score: 5, Insightful) by Dr Spin on Wednesday July 13 2022, @01:30PM
If you cared about security, you would not be using a Microsoft product.
Warning: Opening your mouth may invalidate your brain!
(Score: 2, Funny) by Anonymous Coward on Wednesday July 13 2022, @03:21PM
Stay tuned for VBAd... now with added systemd overreach.
(Score: -1, Troll) by Anonymous Coward on Thursday July 14 2022, @01:22AM
I COULDN'T BELIEVE IT. THEY SAID, "THANK YOU FOR STILL USING WINDOWS!" i REPLIED, "PUT A NEEDLE IN MY PENIS" AND SO THEY DID.