When Office sees a mark-of-the-web tag, the program opens that file in read-only Protected View mode just in case the file is malicious. This so-called "mark-of-the-web" (MOTW) is already used in Office-if you've ever downloaded a document or spreadsheet and been informed that editing has been disabled by default, thank an MOTW. Office can track which macros were downloaded from the Internet or from a networked share using a " Zone.Identifier" tag, at least when the file is saved to an NTFS volume. Disable all macros without notification Macros and security alerts about. Note: The options are slightly different in Excel, well call those out as we go. Make the selections that you want, then click OK. In the Trust Center, click Macro Settings. The Mac, iOS, Android, and web versions of Office won't be affected. Click Trust Center, and then click Trust Center Settings. The change will also be enabled for all currently supported standalone versions of Office, including versions 2021, 2019, 2016, and 2013. The change will be previewed starting in April in Office version 2203, before being rolled out to all users of the continuously updated Microsoft 365 version of Office starting in June.
Current versions of the software offer an alert banner on these kinds of files that can be clicked through, but the new version of the banner offers no way to enable the macros. This article from Microsoft has more information for IT pros/admins about the coming change in macro behavior.In the interest of combating ransomware and other malware, Microsoft is planning a major change in how its Office software handles macros: when files that use macros are downloaded from the Internet, those macros will now be disabled entirely by default.
The MOTW is added to files by Windows when they're from an untrusted location (internet or Restricted Zone). The Learn More button will take users to an article about the security risk of bad actors using macros, ways to prevent phishing and malware, and instructions for enabling these macros by saving the file and removing the Mark of the Web (MOTW). UK cybersecurity expert (and former Microsoftie) Kevin Beaumont tweeted that "this is potentially a game changer for the cybersecurity industry, and, more importantly customers," as macros account for about 25 percent of all ransomware entry - a figure he called "deeply conservative."Ī message bar noting that a particular downloaded VBA is not trusted will note: "Security Risk: Microsoft has blocked macros from running because the source of this file is untrusted" next to a Learn More button. Here are ZDNet's top picks for a variety of use cases. This change also will be applied to the Long Term Servicing Channel version of Office, including Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013.
Over time, Microsoft will move beyond the Current Channel with this change and apply it to other Office distribution channels, like the Monthly Enterprise and Semi-Annual Enterprise Channels.
The change will begin rolling out in the Current Channel (preview) of Office on Windows and will prevent users from enabling these kinds of macros with a single click. This will impact Access, Excel, PowerPoint, Visio, and Word, according to a February 7 blog post from the Office product group. Microsoft plans to block by default VBA macros obtained from the internet in Office on devices running Windows.
The effect, the company hopes, will be to eliminate a popular way for malware to perpetuate. Starting in early April, Microsoft plans to make it tougher to enable VBA macros that are downloaded from the internet in several of its Office apps.