Microsoft Office will no longer support downloading macros from the Internet from April to avoid phishing attacks

Earlier, Microsoft announced that Microsoft Excel 4.0 XLM macros are disabled by default due to security concerns because such macros have been abused by hackers to load malware. Now that Microsoft has announced that it will continue to strengthen the security of the Office software package, Microsoft will later block Microsoft Office from downloading VBA macro programs from the Internet by default. Attackers typically send targeted phishing emails to victims, which then trick them into clicking on the content of the add-on to download malware from the Internet.

Microsoft said in its blog that Access, Excel, PowerPoint, Visio, Word will get the update starting with a preview release in April 2022. After the update, these office software components will no longer support downloading macro programs from the Internet, which Microsoft hopes to help non-professionals defend against common phishing attacks. Specifically, when the document opened by the user contains macros that need to be downloaded from the Internet, a red security prompt will pop up at the top of the office software to warn that the macro is not trusted. In the past, Microsoft also popped up a warning but allowed users to manually enable macros and then download and run them, but the new version does not have the option to enable them so they cannot download and run macros. The new security policy will cover Microsoft 365 first, and then the Office LTSC version and the Office 2013~2021 buyout version will also be updated.

Macros are typically a feature used by professionals, and since they require manual programming, the new policy will have little impact on most users.