Microsoft reverses course on major Office security move

Security professionals had cheered the company's previous decision to block malicious macros in Office documents by default. Now they're slamming the company for rolling the measure back and not effectively communicating the decision.

Security professionals are questioning Microsoft's reversal on blocking Office macros.

Credit: Turag Photography/Unsplash

Microsoft confirmed Friday that it has begun undoing one of its biggest recent moves for improving the cybersecurity of its products and customers.

A representative for the tech giant said a "rollback" has started on a measure to block, by default, Visual Basic for Applications (VBA) macros in Office, a feature attackers have abused to deliver malware for decades. The measure was widely applauded by security professionals after it was announced in February.

Now, many of those same security practitioners are questioning Microsoft's reversal on blocking Office macros.

"The single most impactful change Microsoft could have made to radically improve a real world cybersecurity issue in their own back garden (that they directly profit from) was rolled back without even being communicated," well-known security professional Kevin Beaumont said on Twitter.

The decision by Microsoft, first reported by Bleeping Computer on Thursday, was confirmed by two Microsoft representatives in comments on the Microsoft 365 blog post that originally announced the macro-blocking measure.

The Microsoft representatives both said that the decision was made "based on feedback." Microsoft did not immediately respond to an email from Protocol on Friday.

Microsoft has been blocking VBA macros by default in five Office apps. Those include the three most widely used apps — Word, PowerPoint and Excel — and Visio and Access.

As of this writing, it's unclear whether the reversal is meant to be permanent or if Microsoft might bring back macro-blocking in Office in another form. Lots of companies use Office macros to automate parts of their business processes, and blocking those macros could have broken customer workflows.

"[W]e’re working to make improvements in this experience. We’ll provide another update when we’re ready to release again to Current Channel," one of the Microsoft representatives said in a comment on the blog post.

Malicious macros in Office documents have in the past been blamed for nearly half of all malware delivery mechanisms.

"Looks like Microsoft has blessed us all with more job security," security researcher Marcus Hutchins said on Twitter in response to the rollback.

Microsoft's initial disclosure on the rollback was provided to administrators in the Microsoft 365 message center on Thursday, according to Bleeping Computer. A comment from an admin on the Microsoft blog post suggests the rollback had taken effect at least as early as Wednesday.
