Microsoft Office Will Now Block VBA Macros by Default (2024)
Microsoft is making its Office apps more secure by blocking Visual Basic for Applications (VBA) macros obtained from the Internet by default. Office users will no longer be able to enable these macros with the click of a button, and the apps will soon display a message bar with a security warning and a support page instead.
To enable these macros, Office users will need to save the file on a local hard drive, network drive, or cloud storage service like OneDrive, and then unblock the file manually. Microsoft already has a support page with detailed instructions on how to proceed, and this same page will be available in the message bar that will show up when Office users open files with VBAs macros coming from the Internet.
Windows Intelligence In Your Inbox
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
This new default behavior regarding Office macros will apply to Word, Excel, PowerPoint, Visio, and Access. As macros obtained from the Internet have been a notorious source of malware, Microsoft believes that this change should better protect consumers and enterprise customers using Office.
“For years Microsoft Office has shipped powerful automation capabilities called active content, the most common kind are macros. While we provided a notification bar to warn users about these macros, users could still decide to enable the macros by clicking a button. Bad actors send macros in Office files to end-users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access,” explained Microsoft’s Kellie Eickmeyer.
Microsoft plans to start blocking VBA macros obtained from the Internet in Office by default in early April 2022, and the new default behavior will roll out first to Microsoft 365 subscribers in the Current Channel (Preview). The change will also make its way to Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013, though Microsoft has yet to share an ETA.
As an expert in cybersecurity and Microsoft Office applications, I can attest to the significance of Microsoft's recent decision to enhance the security of its Office apps by defaulting to block Visual Basic for Applications (VBA) macros obtained from the Internet. This strategic move is a proactive measure against a long-standing security concern, and my in-depth understanding of cybersecurity principles allows me to provide valuable insights into the implications and benefits of this decision.
The evidence supporting the necessity of this security enhancement is rooted in the historical use of VBA macros as a vector for malware distribution. Malicious actors have exploited the active content capabilities in Microsoft Office, particularly macros, to deliver harmful payloads, leading to severe consequences such as malware infections, compromised identities, data loss, and unauthorized remote access. Microsoft's acknowledgment of this threat, as highlighted by Kellie Eickmeyer, underscores the gravity of the issue and the need for a more robust security posture.
Now, let's delve into the key concepts mentioned in the article:
Default Blocking of VBA Macros: Microsoft is changing the default behavior of its Office apps to automatically block VBA macros obtained from the Internet. This means that users will no longer have the option to enable these macros with a simple click, enhancing the overall security posture of Office applications.
Manual Enabling of Macros: To enable VBA macros from the Internet, users will need to save the file on a local hard drive, network drive, or cloud storage service like OneDrive. Subsequently, they must unblock the file manually. This introduces an additional layer of security by requiring a deliberate action from the user, reducing the likelihood of unintentional macro execution.
Security Warning Message Bar: Instead of a one-click enablement option, Office apps will now display a message bar with a security warning when users attempt to open files with VBA macros from the Internet. This message bar will also include a link to a support page with detailed instructions on how to proceed, offering users guidance on safely handling such files.
Applicability Across Office Suite: This new default behavior regarding the blocking of VBA macros applies to various Office applications, including Word, Excel, PowerPoint, Visio, and Access. This comprehensive approach ensures a uniform and robust security stance across the entire Office suite.
Timeline for Implementation: Microsoft plans to implement these changes in early April 2022, starting with Microsoft 365 subscribers in the Current Channel (Preview). The rollout will subsequently extend to other versions, including Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013. While the exact timeline for these releases has not been specified (ETA), Microsoft is committed to implementing the security enhancements across different Office versions.
In conclusion, Microsoft's decision to block VBA macros from the Internet by default represents a proactive and crucial step in mitigating the risks associated with malicious macro-based attacks. This approach aligns with industry best practices and showcases Microsoft's commitment to enhancing the security posture of its widely used Office suite.
By default, Office is configured to block files that contain VBA macros and display a Trust Bar with a warning that macros are present and have been disabled. Users can inspect and edit the files if appropriate, but can't use any disabled functionality until they select Enable Content on the Trust Bar.
Although Microsoft Excel still supports Excel 4.0 (XLM) macros, we encourage you to migrate them to the latest version of Microsoft Visual Basic for Applications (VBA). Migrating your macros lets you take advantage of the improvements to the VBA programming object model.
Microsoft has been investing in new tools and languages to replace VBA in response to this trend. Power Automate, a cloud-based automation platform that connects with Microsoft Office products, is one such solution. Power Automate enables users to automate processes and create unique workflows without using VBA.
Malicious macros can do almost anything that other malware can do to your system, including emulating ransomware, stealing data, and emailing itself out to your contacts.
If your security settings are set to a high level, Excel may disable macros. Go to the "File" tab, click on "Options," select "Trust Center," and then click on "Trust Center Settings." Under "Macro Settings," choose a setting that allows macros. "Enable all macros" is less secure but allows all macros to run.
A malicious macro that you run unwittingly may damage or completely delete files on your hard drive, mess up your data, and even corrupt your Microsoft Office installation. For this reason, Excel's default setting is to disable all macros with notification.
Macros would usually get disabled because they are created with Visual Basic code that might negatively affect your computer if written or recorded with malicious intent. Macros getting disabled should not affect how the file was and whatever change you make to that certain file.
VBA macros are a common way for malicious actors to gain access to deploy malware and ransomware. Therefore, to help improve security in Office, we're changing the default behavior of Office applications to block macros in files from the internet.
Is VBA Still in Demand? Yes, VBA is still useful and used by individuals who are interacting with Microsoft products but newer languages such as Python, C#, or R can be used to code in place of VBA. New tools such as Power Query may be able to perform tasks that could previously only be performed when using VBA.
We do not plan to extend Visual Basic to new workloads. We will continue to invest in the experience in Visual Studio and interop with C#, especially in core VB scenarios such as Windows Forms and libraries." That's not too different from the company's remarks way back in 2020, when the .
Microsoft dropped VBA support for Microsoft Office 2008 for Mac. VBA was restored in Microsoft Office for Mac 2011. Microsoft said that it has no plan to remove VBA from the Windows version of Office.
Everything you can write in VBA can be done in Python. This page contains information that will help you translate your VBA code into Python. Please note that the Excel Object Model is part of Excel and documented by Microsoft.
Manufacturing companies that have developed custom production management systems, inventory tracking tools, or automation solutions using VB6 are among the prominent users of the language in 2024.
Introduction: My name is Velia Krajcik, I am a handsome, clean, lucky, gleaming, magnificent, proud, glorious person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.