For the past year or so, Microsoft has been engaging with customers about its decision to block internet macros by default in Office apps. Although many organizations still use Excel 4.0 (XLM) macros for their automation activities, Microsoft has been encouraging a transition to the more secure Visual Basic for Applications (VBA) for quite some time. This is because malicious actors abuse macros to inject malware into enterprise systems frequently, so their continued use facilitates a relatively accessible attack surface. Microsoft has already been restricting XLM macros in Excel since January.
However, the Redmond tech giant has seemingly decided to backtrack on its decision and roll back the change. This means that macros are no longer disabled by default in Excel, PowerPoint, Word, Access, and Visio.
The move is quite odd because the initial decision to block macros in Office apps was mostly appreciated by the cybersecurity community, but now, Microsoft says that it is rolling back this change due to negative feedback.
Although some customers have previously complained about the implementation of the block and the hurdles that organizations have to jump through to enable trusted macros, Microsoft's rollback is rather drastic, especially since it impacts the default behavior of Office apps.
Microsoft has not posted a public message about the U-turn yet. In fact, there was not even a private advisory about the change until customers began noticing it on Wednesday. Right now, the only official documentation on the matter comes from the Microsoft 365 message center, where a notice states that:
Based on feedback, we're rolling back this change from Current Channel. We appreciate the feedback we've received so far, and we're working to make improvements in this experience. We'll provide another update when we're ready to release again to Current Channel. Thank you.
Microsoft's Angela Robertson has also responded to user questions regarding the rollback on an older blog post, apologizing for the delayed communication:
Based on feedback received, a rollback has started. An update about the rollback is in progress. I apologize for any inconvenience of the rollback starting before the update about the change was made available.
The comment has been met by further criticism, with customers asking Microsoft to be more transparent regarding the changes it makes to a feature that impacts a large audience. The company is yet to share more details about why it decided to roll back the change, but we have reached out for a statement and will update this article if we receive a response.
Source: Bleeping Computer
Update: In a statement to Neowin, Microsoft has confirmed that this is only a temporary reversal of configuration, the full comment can be seen below:
Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users.
Regardless of the default setting, customers can block internet macros through the Group Policy settings described in this article.
We will provide additional details on timeline in the upcoming weeks.