Microsoft adds macro blocker to Office 2013 to stymie old-school attackers

Microsoft adds macro blocker to Office 2013 to stymie old-school attackers

Admins can take users out of the equation with feature ported from Office 2016

Microsoft yesterday said that it had added a malware-in-macros blocker to Office 2013 after customers demanded that it expand the feature beyond the latest version, Office 2016.

"The predominant customer request we received was for this feature to be added to Office 2013," the Microsoft Malware Protection Center team wrote in an unsigned blog post Wednesday.

IT administrators have been able to block macros from running in Office 2016 since March. Enterprise IT staff can craft group policies to restrict macros, completely block them, or amplify the warnings users normally see before a macro is opened.

The same capability was extended to Office 2013 last month, Microsoft said.

As Microsoft contended, users had called on the company to bring the feature to other editions. "Great feature, now how about for older versions of Office?" asked Jarrod Morago in a March comment appended to the original explanation of the feature in Office 2016.

"This should get added to Office 2013 as well," argued someone identified only as Todd. "That would be a goodwill gesture that would go a long way in organizations that are often behind, such as health care."

The group policy blockade was a response to an increase in malware that relied on users enabling macros within Word, Excel or PowerPoint. "Malware authors have become more resilient in their social engineering tactics, luring users to enable macros in good faith and ending up infected," Microsoft said.

Malicious macros were once a popular infection vector, but as Microsoft tightened the screws in Office, the technique became outmoded. In the last two years, however, the threat resurfaced as attackers created ever-more-convincing appeals to open attached Office documents and switch on macros.

Microsoft will support Office 2013 until April 11, 2023, but its predecessor, Office 2010, drops off the support list in October 2020. Because the latter is in its last five years of support, and because Microsoft is not obligated to add new features during that period, it's unlikely that admin-based blocking will also be extended to Office 2010.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags microsoft office


EDGE 2023

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.


ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.

ARN Innovation Awards 2023

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

Show Comments