No strategy change despite temporary rollback

Jul 11, 2022 18:11 GMT  ·  By

The saga continues. After originally announcing its intention to block all Internet macros by default in Office and then rolling back the change quietly, Microsoft now says that it hasn’t reversed its decision and the security change will still be implemented.

Microsoft’s decision to block Internet macros by default in Office is based on security reasons, as the company says that users are targeted by malicious actors way too often using this powerful feature of the productivity suite.

“For years Microsoft Office has shipped powerful automation capabilities called active content, the most common kind are macros. While we provided a notification bar to warn users about these macros, users could still decide to enable the macros by clicking a button. Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access,” the company said in its original announcement.

But earlier this month, it was discovered that the change was rolled back, with Microsoft actually remaining tight-lipped on the whole thing.

A company engineer eventually confirmed the change in a comment to the original announcement, and now in an update posted by the software giant, we’re finally getting additional information.

Microsoft says Internet macros will still be blocked by default in Office, as the rollback is just a temporary change for now.

“Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users. Regardless of the default setting, customers can block internet macros through the Group Policy settings described in this article. We will provide additional details on timeline in the upcoming weeks,” the company said.