Microsoft has rescinded its earlier announcement of automatically blocking VBA (Visual Basic Application) macros on downloaded documents by default until further notice.
The tech giant is mum on the reason behind this decision and has yet to make a public announcement to customers that VBA macros embedded in malicious Office documents will no longer be blocked automatically in Access, Excel, PowerPoint, Visio, and Word.
The change started to roll out in Version 2203, beginning with Current Channel (Preview) in early April 2022, with general availability to be reached by June of next year.
This move was expected by many, as VBA macros are a popular method to shove a wide range of malware strains (including Emotet, TrickBot, Qbot, and Dridex) through phishing attacks via malicious Office document attachments.
With VBA macros blocked by default, there was high expectation that attacks that delivered malware will be automatically derailed.
Microsoft’s customers easily noticed that Microsoft turned back from making this change in the Current Channel on Wednesday, with the old ‘Enable Editing’ or ‘Enable Content’ buttons shown at the top of downloaded Office documents with embedded macros.
While the tech giant has not made public the negative backlash that led to the rescinding of this change, users said that they are unable to find the Unblock button to remove the Mark-of-the-Web from downloaded files, rendering it impossible to enable macros.
Furthermore, other admins felt that the decision makes it very challenging for end-users who would find it difficult to unblock files that they download every day, if not multiple times in a day.
For more information, read the original story in Bleeping Computer.