Why haven't they done this before? Also, shouldn't the firewall play a big role into blocking these kind of attacks? After all, if processes, system based or not, can't communicate with the internet, I assume they can't download and execute the malware.
It seems Microsoft has changed its mind and will no longer block them by default. https://twitter.com/BleepinComputer/status/1545174259487621122
As the saying goes, Every change breaks someone's workflow. Someone is always going to be unhappy regardless of what you do.
Acc. to this BC article, the decision by Microsoft to not block macros is a temporary one? Here is a guide I see that you can use to restore the blocking capability. https://www.bleepingcomputer.com/ne...s-in-microsoft-office-docs-from-the-internet/ Andy Ful has also released a new version of Hard_Configurator. https://malwaretips.com/threads/har...ening-configurator.66416/page-189#post-996137
Yes correct, some companies complained about this. But I wanted to make a joke about that malware is now blocked too easily, and this was bad for MS Defender sales LOL.
Wow, not only was this temporary, it was extremely temporary (by Microsoft standards). https://www.bleepingcomputer.com/ne...blocking-office-macros-by-default-once-again/
strange decision, either this or that. any file from the web has an ADS which informs about the zone. internet is an untrusted zone by default. Allowing untrusted files with activated macros is seriously stupid from my view. macros are disabled by default on our work computers, activating - also editing - must explicit being allowed. lol
"As Microsoft blocks Office macros, hackers find new attack vectors Hackers who normally distributed malware via phishing attachments with malicious macros gradually changed tactics after Microsoft Office began blocking them by default, switching to new file types such as ISO, RAR, and Windows Shortcut (LNK) attachments... In a new report by Proofpoint, researchers looked at malicious campaign stats between October 2021 and June 2022 and identified a clear shift to other methods of payload distribution, recording a decrease of 66% in the use of macros. At the same time, the use of container files such as ISOs, ZIPs, and RARs has grown steadily, rising by almost 175%..." https://www.bleepingcomputer.com/ne...ffice-macros-hackers-find-new-attack-vectors/
The figures that show why Microsoft is so worried about Office macros: "...Machine identity management firm Venafi has published new research suggesting that 87% of the ransomware found on the dark web has been delivered via malicious macros to infect targeted systems..." https://www.infosecurity-magazine.com/news/87-ransomware-brands-exploit-macros/
i meant regular editing, files are read only on opening. Word shows a yellow message line for this and that.
