Microsoft rolls back temporary plan to block Office VBA macros by default


Five months after announcing plans to disable Visual Basic for Applications (VBA) macros by default in the Office productivity suite, Microsoft appears to have reversed its plans.

“Based on the feedback received, a rollback has begun,” said Microsoft employee Angela Robertson said in a response dated July 6. “An update on the rollback is in progress. I apologize for any inconvenience caused by the rollback that started before the update on the change was made available.”

When reached by The Hacker News, Redmond said the decision to reverse course was temporary and that it is working on further usability improvements.

“Following user feedback, we have temporarily rolled back this change while making some additional changes to improve usability,” said a Microsoft spokesperson. “This is a temporary change and we are fully committed to making the default change for all users. Regardless of the default setting, customers can block Internet macros through the Group Policy settings described in This article

The company went on to say it would share additional details about the timelines in the coming weeks.

In February 2022, the tech giant said it was disabling macros by default for its products, including Word, Excel, PowerPoint, Access and Visio, for documents downloaded from the Internet in an effort to mitigate potential attacks that abuse its deployment functionality. from malware. †

“Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered and the impact can be severe, including malware, compromised identity, data loss and remote access,” Microsoft noted at the time.

(Update: The story has been updated with a statement from Microsoft. The headline has been revised to reflect that the changes are temporary.)