Since April, Microsoft has made the move many have called for and disabled macros. This has been a long time coming, with many security experts warning of the risks of this feature. It is believed that Microsoft hadn’t made this move until now due to its large number of users that rely on macros heavily. However, the pandemic has seen an increase in macro-dependent malware that the company simply couldn’t ignore anymore.
But what are macros and why was it so important for the company to disable them? And what can you do if your organization uses them frequently? Let us take you through the changes.
Excel 4.0 macros, also known as XLM macros, allow users to automate tasks. In essence, they are small pieces of software that live inside a document or spreadsheet, and execute pre-set functions seamlessly directly from the program, from refreshing pivot tables to sorting data by multiple columns. This is set up using Visual Basic of Applications (VBA) or a tool that records a series of actions and transforms it into a macro. This feature, which was first introduced in 1994, is extremely useful for enterprises. Many businesses of all sizes and in all sectors depend on macros in their everyday performance.
While Excel 4.0 macros can be a lifesaver for businesses, they have also been used for less noble purposes. Hackers have utilized the macro functionality to automatically download, install and run malware and ransomware onto an end-user’s computer, taking advantage of the fact that Microsoft programs are generally trusted in society. Lastline reports that, since 2020, there has been an unmissable spike in macro-based attacks, which has surely not escaped Microsoft HQ.
Up until April 2022, an alert would pop up, prompting you to decide whether to allow macros. Now, to increase security, Microsoft has changed its default settings so that files downloaded from the internet would have macros automatically disabled. The banner still appears, but there is no option to enable macros. This only affects the most recent version of Office, called 2203 (although previous supported versions will also get this update at a certain point), and only on Windows.
The short answer is: yes. For a more comprehensive explanation, we first need to understand how Microsoft will now block macros in the first place. Files downloaded from the internet are stamped with what’s known as ‘Mark of the Web’ or ‘zone.identifier’, which are metadata attributes that help Windows warn you that something is not necessarily trustworthy. This mark is how Microsoft determines whether to disable macros by default or not, meaning that if your Excel file has never moved across the internet, the macros in it would work.
In the case your file has been around the web, but you trust and want to enable macros, there’s still an option to do so. Through the ‘properties’ option for any file, click the ‘unblock’ button that removes the Mark of the Web tag — pretty simple. If you’re part of an organization that relies on macros constantly, you can also change this setting in your Group Policy, place macro-based files in ‘Trusted Locations’, or digitally sign your macros. At the end of the day, the reason for this change is not to make things difficult, but rather more secure.
However, if this still sounds too complex, or if you consistently collaborate with people outside of your company, finding a different solution may be worthwhile. With EASA, you can take any spreadsheet and convert it into a web app, complete with VBA, macros and add-ins. This gives you the peace of mind knowing your macros will work from anyone’s browser, while also avoiding the other pitfalls of Excel.
Contact us to learn more about how EASA can work for your company.