Microsoft has announced that it will start blocking Visual Basic for Applications (VBA) macros from untrusted sources by default in future versions of Microsoft Office. VBA macros are often used by attackers as a means for deploying ransomware and other forms of malware. With this change, users will receive a warning when they click on an Office file from an untrusted source that contains macros. The user will then have to make an active choice whether to allow the macros. Many organizations already enable the “Block macros from running in Office files from the Internet” policy, which has a similar effect.

This change only applies to untrusted files. If the file comes from a trusted source, if trust is proven through a digital signature, or if the document was previously marked as trusted, VBA macros are enabled. According to Microsoft, the change will occur in Version 2203 software, which started to roll out in Preview form earlier this month.

This change marks an acknowledgment from Microsoft that untrusted VBA macros are a significant security issue for Windows users. Even if you don’t plan to download the new Office version anytime soon, it is a good idea to block untrusted macros as a policy to close off this common form of attack. On the other hand, if your business provides Office documents with embedded macros for download (for example, sales documents or tech sheets), these files might require changes to be fully usable after this change is in effect.