Microsoft has announced that it is turning on VBA macros by default.
After literally years of lobbying by security professionals and others, in February of this year, Microsoft announced plans to ‘inhibit macros in documents that arrived from the internet’. At last! System Admins could previously achieve this through Group Policies, but it was now the default.
Well, Microsoft has changed its mind and said ‘
Following user feedback, we have rolled back this change temporarily while we make some
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805/page/2#comments:~:text=Your%20standard%20SMB%20and%20even%20mid-sized%20businesses
additional changes to enhance usability. This is a temporary change, and we are fully
committed to making the default change for all users. Regardless of the default setting,
customers can block internet macros through the Group Policy settings described in the article
Block macros from running in Office files from the Internet. We will provide additional details
on timeline in the upcoming weeks.’
I do wonder which users’ feedback prompted the move, as it just increases the attack surface? Let us hope this gets put back quickly.