Microsoft makes major course reversal, allows Office to run untrusted macros [Updated]

by
Dan Goodin
from Ars Technica - All content on (#6179X)
microsoft-800x600.jpeg

Enlarge (credit: Getty Images)

Microsoft has stunned core parts of the security community with a decision to quietly reverse course and allow untrusted macros to be opened by default in Word and other Office applications. (Update on July 11: The company later clarified that the move is temporary.)

In February, the software maker announced a major change it said it enacted to combat the growing scourge of ransomware and other malware attacks. Going forward, macros downloaded from the Internet would be disabled entirely by default. Whereas previously, Office provided alert banners that could be disregarded with the click of a button, the new warnings would provide no such way to enable the macros.

"We will continue to adjust our user experience for macros, as we've done here, to make it more difficult to trick users into running malicious code via social engineering while maintaining a path for legitimate macros to be enabled where appropriate via Trusted Publishers and/or Trusted Locations," Microsoft Office Program Manager Tristan Davis wrote in explaining the reason for the move.

Read 11 remaining paragraphs | Comments

index?i=SlsOx866W0U:Nb_KRmXq5JQ:V_sGLiPB index?i=SlsOx866W0U:Nb_KRmXq5JQ:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments