Microsoft's Office apps have become a headache for its users: most attacks aimed at end users go through these applications. The macro-running capabilities of the Office components in particular create a huge security risk for users who are not sufficiently aware of cybersecurity. The company is finally taking some bold steps to address this issue.
Attacks related to Office macros will decrease
Microsoft is disabling Visual Basic for Applications (VBA) macros by default in its Office applications: Excel, Word, Access, PowerPoint and Visio. The change applies only to Windows machines, beginning with the upcoming version 2203, which will be released in early April this year. Once the update arrives, VBA macros in files obtained from the internet will be blocked by default. The change will later also apply to Office LTSC, Office 2021, Office 2019, Office 2016 and Office 2013.
App installer protocol handler is also being disabled
The MSIX ms-appinstaller protocol handler is temporarily disabled because of a vulnerability in the App Installer (AppX) that was claimed to have been fixed with the December security patch. The flaw is tracked as CVE-2021-43890. With this temporary change, App Installer will no longer be able to install an app directly from a web server.
Instead, the application will first need to be downloaded to the system and then installed. This measure might be related to Windows Defender: once the user downloads an application, Windows Defender can check whether it is malicious or safe.
Microsoft also recommends removing “ms-appinstaller:?source=” links from websites that rely on direct installation of apps from web servers. This change ensures that the related application is downloaded rather than installed directly.
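As an added example (not from the article or from Microsoft), a small Python audit script that finds ms-appinstaller:?source= links in a site's HTML and rewrites each one to a plain link to the package, so the browser downloads it instead of handing it to App Installer; the sample HTML and the downloads.example.com host are constructed.

```python
import re
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample page: one direct-install link and one ordinary download link.
SAMPLE_HTML = """
<a href="ms-appinstaller:?source=https://downloads.example.com/App.msixbundle">Install</a>
<a href="https://downloads.example.com/Other.msix">Download</a>
"""

# Matches href attributes that invoke the ms-appinstaller protocol handler.
HREF_RE = re.compile(r'href="(ms-appinstaller:[^"]*)"', re.IGNORECASE)


def source_url(uri: str) -> Optional[str]:
    """Return the package URL carried in an ms-appinstaller:?source= link,
    or None if the link carries no usable https source."""
    parts = urlsplit(uri)
    if parts.scheme.lower() != "ms-appinstaller":
        return None
    src = parse_qs(parts.query).get("source", [])
    if not src:
        return None
    target = urlsplit(src[0])
    # Only accept an https package location; anything else is left untouched
    # so a human can review it rather than silently rewriting it.
    if target.scheme != "https" or not target.netloc:
        return None
    return src[0]


def find_appinstaller_links(html: str) -> List[str]:
    """List every ms-appinstaller link still present in the HTML."""
    return HREF_RE.findall(html)


def rewrite_to_download(html: str) -> str:
    """Replace each ms-appinstaller link with a direct link to the package."""
    def repl(match: "re.Match[str]") -> str:
        direct = source_url(match.group(1))
        return f'href="{direct}"' if direct else match.group(0)
    return HREF_RE.sub(repl, html)


if __name__ == "__main__":
    print("before:", find_appinstaller_links(SAMPLE_HTML))
    print(rewrite_to_download(SAMPLE_HTML))
```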