Microsoft plans to kill malware delivery via Office macros

[Porthos]

Microsoft plans to kill malware delivery via Office macros

Microsoft announced today that it will make it difficult to enable VBA macros downloaded from the Internet in several Microsoft Office apps starting in early April, effectively killing a popular distribution method for malware.

www.bleepingcomputer.com

 

[nlinecomputers]

I have a client that is having major issues with this today. Is there a setting in Office 365 admin or security center to restore the old behavior? @YeOldeStonecat or @Sky-Knight HELP!!! Trying to not have to remote into 30 workstations and fix this.

 

[phaZed]

Bout time! Only 20-25 years late lol!

 

[nlinecomputers]

Well, I have a payroll company that is having major issues with this. Lots of people use macros and they email the files to them. Sadly lots of places do not have secure email so the files are now being tagged as not secure and can't be run. I have them saving the files to the desktop or other secure location like OneDrive so they can open the files. If the files are digitally signed via O365 there is no issue. It's the loads of companies that use stupid free email and stand-alone O365 that are causing the issue.

 

[phaZed]

Not the end of the world:

A potentially dangerous macro has been blocked - Microsoft Support

support.microsoft.com

 

[nlinecomputers]

Not the end of the world:
View attachment 13753

A potentially dangerous macro has been blocked - Microsoft Support

support.microsoft.com

Yes. That is exactly what I am doing. And the masses are rebelling. Oh GOD, we have to learn something new.

 

[phaZed]

How to 'Unblock' multiple files at a time with PowerShell - 404 Tech Support

If you have been frustrated by the warning message on Windows computers “This file came from another computer and might be blocked to help protect this computer.”, you are not alone. The warning might pop up when you try to open a file that you downloaded from the Internet. It can cause a decent...

www.404techsupport.com

 

[YeOldeStonecat]

I have a client that is having major issues with this today. Is there a setting in Office 365 admin or security center to restore the old behavior? @YeOldeStonecat or @Sky-Knight HELP!!! Trying to not have to remote into 30 workstations and fix this.

I have not seen where it's a setting from the 365 tenant.
However you can over rule the setting by managing "Trusted Locations"....within Trust Center.


I know there are registry edits you can script out to add to each office apps trusted locations.

 

[nlinecomputers]

Trusted locations are not a problem. They were just used to being able to do this from inside of Outlook. One-click. Now it is multiple steps and it's piss!ng them off. It's a payroll company and I am fighting hard to not change it for them but I want a method if they stupidly insist.

 

[Sky-Knight]

There is no method to change this behavior, and after cleaning up a single EMOTET that came from this... I'm saying it's WORTH IT.

I haven't had any phones ringing yet, and when it starts this is going firmly in the tough, grow up and adapt pile. These Macro's have been dangerous for ages.

Emailing macro enabled files is a bad business practice, and has been such for an EXTREMELY long time. If you need to move such files around it's probably better to use a Team for that.