Blog

KeePass Exploit Unveiled: Retrieving Master Passwords in Clear Text

Microsoft Blocking Macros

Over the past few months, our team has heard from some of our customers that they are seeing macros that previously worked just fine are now getting blocked by Microsoft Office. Yes, this is TRUE. Microsoft has taken the stance that files from the internet can be dangerous because they could contain malicious macros… so they should be blocked. When a macro is blocked from running, you will see a “Security Risk” banner like this at the of the document:

Security Risk - Microsoft has blocked macros

Microsoft blocking macros in files from the internet is logical because they can be dangerous due to hidden malware or ransomware. Keep reading to understand the problem and possible solutions.

Why are Macros from the Internet Blocked?

Microsoft has decided that since it is fairly common for macros to be exploited and used to deliver payloads of malware or ransomware executables, these files can no longer be trusted.

When you go to Properties > General on a file there should be a checkbox to unblock, but it might not be available any longer. Enabling macros through Trust Center does not work either. From chatter in the online forums, some people have been able to fix the problem by changing the the mapping of the network drive where the file is stored to use the server’s IP address instead of network name. Then add the actual file location to “trusted locations” in Excel specifically. Other users say that this issue is happening due to changes in recent Microsoft Updates, as it happens on some PCs but not on others.

I need Macros! How do I unblock them?

There are a few possible scenarios where you might want to allow macros to run in trusted files. Here’s a list pulled from content in a recent Microsoft article (with much more detail) containing additional links for more information:

Scenario Possible approaches to take
Individual files • Select the Unblock checkbox on the General tab of the Properties dialog for the file
• Use the Unblock-File cmdlet in PowerShellFor more information, see Remove Mark of the Web from a file.
Files centrally located on a network share or trusted website Unblock the file using an approach listed under “Individual files.”

If there isn’t an Unblock checkbox and you want to trust all files in that network location:
• Designate the location as a Trusted site
• Add the location to the Local intranet zone

For more information, see Files centrally located on a network share or trusted website.

Files stored on OneDrive or SharePoint, including a site used by a Teams channel • Have users directly open the file by using the Open in Desktop App option
• If users download the file locally before opening it, remove Mark of the Web from the local copy of the file (see the approaches under “Individual files”)
• Designate the location as a Trusted siteFor more information, see Files on OneDrive or SharePoint.
Macro-enabled template files for Word, PowerPoint, and Excel If the template file is stored on the user’s device:
• Remove Mark of the Web from the template file (see the approaches under “Individual files”)
• Save the template file to a Trusted LocationIf the template file is stored on a network location:
• Use a digital signature and trust the publisher
• Trust the template file (see the approaches under “Files centrally located on a network share or trusted website”)For more information, see Macro-enabled template files for Word, PowerPoint, and Excel.
Macro-enabled add-in files for PowerPoint • Remove Mark of the Web from the Add-in file
• Use a digital signature and trust the publisher
• Save the Add-in file to a Trusted LocationFor more information, see Macro-enabled add-in files for PowerPoint and Excel.
Macro-enabled add-in files for Excel • Remove Mark of the Web from the Add-in file
• Save the Add-in file to a Trusted LocationFor more information, see Macro-enabled add-in files for PowerPoint and Excel.
Macros that are signed by a trusted publisher • [recommended] Deploy the public code-signing certificate for the trusted publisher to your users and prevent your users from adding trusted publishers themselves.
• Remove Mark of the Web from the file, and have the user add the publisher of the macro as a trusted publisher.For more information, see Macros that are signed by a trusted publisher
.
Groups of files saved to folders on the user’s device Designate the folder a Trusted Location

For more information, see Trusted Locations.

Affected Microsoft Office Applications

Blocking of macros will only affect devices running the Microsoft Windows operating system and Word, Excel, PowerPoint, Access, and Visio. Macro blocking will be applied in Microsoft Office version 2023 and later. If you’re running Microsoft Office on an Apple Mac, Android or iOS device or using Office on the web, macro blocking will not affect your experience.

Contact Beringer Today!

The team at Beringer has a focus on cybersecurity best practices, including how, and if, to unblock macros for various business needs. Give our team a call today, if you’re facing issues with blocked macros in Microsoft documents and need an enterprise-level solution.

Beringer Technology Group, a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics 365 and CRM for Distribution also provides expert Managed IT ServicesBackup and Disaster RecoveryCloud Based Computing, Email Security Implementation and Training,  Unified Communication Solutions, and Cybersecurity Risk Assessment.