Microsoft adds macro blocker to Office 2013 to stymie old-school attackers

Microsoft adds macro blocker to Office 2013 to stymie old-school attackers

Microsoft yesterday said that it had added a malware-in-macros blocker to Office 2013 after customers demanded that it expand the feature beyond the latest version, Office 2016.

"The predominant customer request we received was for this feature to be added to Office 2013," the Microsoft Malware Protection Center team wrote in an unsigned blog post Wednesday.

IT administrators have been able to block macros from running in Office 2016 since March. Enterprise IT staff can craft group policies to restrict macros, completely block them, or amplify the warnings users normally see before a macro is opened.

The same capability was extended to Office 2013 last month, Microsoft said.

As Microsoft contended, users had called on the company to bring the feature to other editions. "Great feature, now how about for older versions of Office?" asked Jarrod Morago in a March comment appended to the original explanation of the feature in Office 2016.

"This should get added to Office 2013 as well," argued someone identified only as Todd. "That would be a goodwill gesture that would go a long way in organizations that are often behind, such as health care."

The group policy blockade was a response to an increase in malware that relied on users enabling macros within Word, Excel or PowerPoint. "Malware authors have become more resilient in their social engineering tactics, luring users to enable macros in good faith and ending up infected," Microsoft said.

Malicious macros were once a popular infection vector, but as Microsoft tightened the screws in Office, the technique became outmoded. In the last two years, however, the threat resurfaced as attackers created ever-more-convincing appeals to open attached Office documents and switch on macros.

Microsoft will support Office 2013 until April 11, 2023, but its predecessor, Office 2010, drops off the support list in October 2020. Because the latter is in its last five years of support, and because Microsoft is not obligated to add new features during that period, it's unlikely that admin-based blocking will also be extended to Office 2010.

IDG Insider


«Qualcomm agrees to buy NXP for over $37 billion


Penclic Mini Keyboard K2 and NiceTouch T2 review: Input devices not worth your consideration»
IDG Connect

IDG Connect tackles the tech stories that matter to you

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.


Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.



Should the government regulate Artificial Intelligence?