Analecta Cyber Company Blog: Take Charge Over the Masses: Administratively Disable Macros


Take Charge Over the Masses: Administratively Disable Macros

Trust center dashboard office 365 - Macro settings NIST Cybersecurity Framework Protect - Administratively Disable Macros Many companies access Microsoft Office or Adobe documents on a daily basis. Whether it is a PowerPoint presentation on the next quarter’s sales forecast, a budget worksheet in Excel, or a PDF of a technical manual, these documents come through our email and reside on shared drives. Users may not think twice about opening a document, especially one that appears to come from a trusted or expected source. The problem is that all of these types of files can have embedded macros that can run malicious code without the user’s knowledge.

What exactly are macros and why do they pose a threat?

A macro (short for "macro instruction") is a group of instructions that are bundled together to speed up time consuming tasks. Think of them as a sort of shortcut key. Instead of taking several individual steps to accomplish something, you just need to activate the macro and the steps are executed automatically. Although macros date as far back as the 1950s for converting assembly language instructions into machine learning instructions with IBM computers, the early 1980s saw marcos prevalent in text editors on early personal computers.

Even though macros can make task automation easier for users, hackers can create their own version of macros to trick users into executing malicious code on their devices. Some of the recent Cryptolocker-type viruses spread through macros embedded in Word documents. One variant of the Locky ransomware malware uses macros in PDF attachments to open MS Word which prompts the user to enable macros in the Word document.

Microsoft Word - Administratively disabling macros graphic
Macro warning from Microsoft products allows the user to open the file with macros disabled. If the document is from a trusted source, the user can enable the macro for that file only.

Disabling macros

So, what’s the fix? First and foremost, ensure that macros are disabled on your devices. Microsoft has turned off auto-execution of macros by default since MS Office 2016, but it was possible to have them disabled on even earlier versions. Ensure that your security settings still have macros disabled in MS Office and Adobe settings. If you have to run older versions of applications or operating systems due to legacy issues, push out a group policy object (GPO) to disable macros.

If your organization needs to use macros for legitimate purposes, it may be useful use the group policy editor to block macros from the internet. If you are unable to use the group policy editor, Windows 10 home does not have it enabled, you can get the Group Policy Management Console from Microsoft here. Alternatively, you can make edits to the registry to achieve the same result.

Trust center dashboard office 365 - Macro settings
Trust Center dashboard in Office 365: Macro settings warn that it is not recommended to blindly enable all macros to run automatically.

After disabling macros

As with any security fix, disabling macros won’t solve your problems completely. User are still given the option to enable macros if they have been blocked. Malicious actors take advantage of this and use social engineering to trick users into enabling macros. Educate your employees about the risks of enabling macros from unknown or unexpected sources.

Also remember to keep your software updated. If your security policy allows for it, enable automatic updates for your operating system and applications - including Office, all installed web browsers, and especially Flash. Software updates and patches protect your PC from recently discovered or developed viruses.

Analecta Cyber

If you are not sure where to start, or if you would like help with any other cybersecurity issues, check out our blog series on the NIST Cybersecurity Framework. As always, feel free to contact us at or visit our Cybersecurity website. 

Analecta Cyber is a Maryland-based cybersecurity firm providing cyber risk assessments for small and medium sized businesses. Analecta is a trusted partner to help companies achieve their cybersecurity objectives.

Further Resources

No comments :

Post a Comment