Skip to main content

Macro viruses are back, but Office 2016 has a new feature that can help

microsoft headquarters
Albertus Engbers/123rf
Microsoft Office macro viruses aren’t the only resurgent ’90s phenomenon right now, but they are the one that cause network administrators to lose the most sleep. Microsoft is offering a new tool for Office 2016 that might help.

Enterprise administrators can now set network-wide rules that disable macros for all documents downloaded from the Internet, allowing only locally created macros to run. Microsoft outlined the new features in a blog post on Technet, which also explores the extent of the problem.

It turns out that, in enterprise environments, macro viruses make up the bulk of Office-specific attacks: 98 percent, to be exact. Macros allow Office users to automate all kind of things inside a document, but have also been a popular vector for viruses since the days of Windows 95. Such macro viruses are on an upswing again this year.

“The enduring appeal for macro-based malware appears to rely on a victim’s likelihood to enable macros,” says the Microsoft post. “Previous versions of Office include a warning when opening documents that contain macros, but malware authors have become more resilient in their social engineering tactics, luring users to enable macros in good faith and ending up infected.”

The new feature prevents individual users from enabling macros in certain situations. Network administrators in an enterprise environment can set group policy that makes opening such malware less likely. Three kinds of documents can be filtered:

  • Documents downloaded from file-sharing sites like OneDrive and Dropbox.
  • Documents attached to emails that came from outside the organization (assuming your network uses Outlook and Exchange for email).
  • Documents opened from public shares, such as file-sharing sites.

Administrators can disable macros in all documents that come from these sources, without blocking macros in documents created locally or stored on the company server.

This policy could potentially annoy some users, but it’s likely a good security move for any company concerned about macro viruses. And while there’s no version of this feature in the home version of Office right now, we hope something similar comes along there as well.

Editors' Recommendations