Digital signing certificates can be self-generated by users, obtained from a commercial Certificate Authority or obtained from an organisation’s security administrator if they operate their own Certificate Authority. The signing certificate that is used to create a signed macro confirms that the macro originated from the signatory, while the signature itself confirms that the macro has not been altered. Microsoft Office applications allow developers to include information about themselves by digitally signing their macros. While the use of trusted documents is discouraged, trusted locations when implemented in a controlled manner can allow organisations to appropriately balance both their business and security requirements. Once trusted documents or trusted locations are defined, macros in trusted documents or macros in Microsoft Office files in trusted locations automatically execute when the files are opened.
Microsoft Office has both trusted document and trusted location functions. However, an adversary can also create macros to perform a variety of malicious activities, such as assisting in the compromise of workstations in order to exfiltrate or deny access to sensitive information. Macros are powerful tools that can be easily created by novice users to greatly improve their productivity.
HOW TO DISABLE MACROS IN EXCEL 2016 CODE
Microsoft Office files can contain embedded code (known as a macro) written in the Visual Basic for Applications (VBA) programming language.Ī macro can contain a series of commands that can be coded or recorded, and replayed at a later time to automate repetitive tasks. The purpose of these malicious macros can range from cybercrime to more sophisticated exploitation attempts.īy understanding the business requirements for the use of macros, and applying the recommendations in this publication, organisations can effectively manage the risk of allowing macros in their environments. In particular, adversaries have been observed using social engineering techniques to entice users into executing malicious macros in Microsoft Office files. BackgroundĪn increasing number of attempts to compromise organisations using malicious macros have been observed. Some differences however may exist for earlier versions than Microsoft Office 2016. The names and locations of Group Policy settings used in this publication are taken from Microsoft Office 2016 and are equally applicable to Microsoft 365, Office 2021 and Office 2019.
This publication has been developed to discuss approaches that can be applied by organisations to secure systems against malicious macros while balancing both their business and security requirements. However, macros can contain malicious code resulting in unauthorised access to sensitive information as part of a targeted cyber intrusion. Microsoft Office applications can execute macros to automate routine tasks.
0 kommentar(er)
