Visual Basic Application (VBA) Macros – a necessary evil?

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email


A macro is an action or a set of actions that you can run as many times as you want. Suppose that every month, you create a report for your finance department. You want to format the names of the customers with overdue accounts in red, and also apply bold formatting. You can create and then run a macro that quickly applies these formatting changes to the cells you select. Sounds good and easy right?

Unfortunately, a macro has another potential that goes against its true purpose: delivering malicious files, malware, and ransomware to computers. Macros are powerful enough to execute files of unknown origin on a device and infect a system. Microsoft has been following the development of macros for a long time and how threat actors are taking advantage of this feature. As a result, and after a couple of years of research Microsoft has decided to tackle the issue by changing its Office 365 security policies.

Moving forward and to ensure safety of end users, the Visual Basic application (VBA) macros downloaded from the internet will be blocked by default in five Office 365 applications: Access, Excel, PowerPoint, Visio and Word. Users will no longer be able to enable a macro with a click of a button, instead, a message bar will pop up, sending the user to a Learn More link, where more information will be provided about steps to enable the macro.

This change will indeed impact legitimate VBA macros and certainly affect business operations and efficiency. However, by adding these additional steps, Microsoft is hoping to increase security of end users and deter hackers from using this feature to spread malware.

Without a doubt this is a proactive change from Microsoft.  But, there is no need to wait for Microsoft to make these changes. Currently, there are phenomenal solutions to protect your environment offered within the Microsoft 365 Defender Suite such as Microsoft Defender for Endpoint which uses the power of the cloud to keep its security database up to date and allows your security administrators to enable ASR rules to prevent these sorts of attacks. Attack surface reduction rules (ASR) target certain software behaviours:

  • Launching executable files and scripts that attempt to download or run files
  • Running obfuscated or otherwise suspicious scripts
  • Performing behaviours that apps don’t usually initiate during normal day-to-day work

Would you like to know more about how to protect your organisation with a next-gen Antivirus solution? Check out these links:

Microsoft Defender for Endpoint | Microsoft Docs

Attack surface reduction rules reference | Microsoft Docs



Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore