Microsoft to Disable Autorun MOTW Macros – End of an Era for Macro Malware or Hard Reset?

In an attempt to curb the ever-increasing macro malware incidence rate, Microsoft has announced that all macros bearing the Mark of the Web (MOTW) attribute will be disabled by default. Effective immediately, all version 2203 Microsoft Office products (e.g., Excel, Visio, Access, PowerPoint, and Word) will benefit from this change, which will become a permanent part of the security baseline for all Microsoft 365 enterprise apps. For now, the policy change is limited to version 2203 Office products, but Microsoft plans to roll it out to other Office versions such as Office 2021, Office 2016, Office 2013, and Office 2019.

Essentially, all code-packed autorun macros downloaded from the Internet or other sources will be blocked by default if Office cannot verify their source or certificate, or validate them against a group policy. This article will document the changes to Microsoft's security policy on autorun macros, gauge the impact on users and applications, and point out what the future holds for macro malware developers and distributors.

Autorun Macros Disabled – Yesterday’s News or Something Else?

By now, you’re probably wondering why Microsoft puts so much emphasis on something that’s been around since 2016. If you recall, 2016 is the year when Bill Gates’

Read More: https://heimdalsecurity.com/blog/microsoft-autorun-motw-macro-malware/