Microsoft disables Internet Macros by default in Office apps to prevent malware attacks.

Short News:- 

Microsoft Office Word, Excel, PowerPoint, Access, and Visio macros are being disabled by default. Visual Basic for Applications (VBA) macros as part of an effort to eliminate an entire class of attack vectors. Microsoft Office will now display a security risk banner when a user opens an attachment or downloads an untrusted Office file.

Detailed News:- 

Visual Basic for Applications (VBA) macros is being disabled by default in Microsoft products, including Word, Excel, PowerPoint, Access, and Visio. This is part of an effort to eliminate an entire class of attack vectors by disabling VBA macros by default in Microsoft products, such as Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the internet.

According to Kellie Eickmeyer, who wrote a blog post announcing the change, "Bad actors send macros in Office files to end-users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe, including malware, compromised identity, data loss, and remote access."

When it comes to Office files, the company warns users not to allow macros to be used. However, unsuspecting users — such as those who receive phishing emails — can still be convinced to enable the feature, giving attackers an initial foothold in the system.

Microsoft Office will now display a security risk banner when a user opens an attachment or downloads an untrusted Office file that contains macros from an untrusted source on the internet, as part of the new change. The banner states, "Microsoft has blocked macros from running because the source of the file is untrusted."

As Microsoft points out in its security advisory, "If a downloaded file from the internet asks you to allow macros and you aren't sure what those macros do, you should probably just delete that file," the company advises, outlining the risk posed by malicious actors who employ macros.

It is possible to unblock macros for any downloaded file by right-clicking on it, selecting Properties from the context menu, and checking the "Unblock" checkbox on the General tab of the Properties window. For Microsoft 365 users, the updates are scheduled to go live in April 2022, with plans to backport the feature to Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013 users at a "future date." For Office LTSC users, the updates are scheduled to go live in April 2022.

More than a month before this, Microsoft disabled Excel 4.0 (XLM) macros by default in order to protect customers from security threats. XLM macros were another widely abused feature that was used to distribute malware.