We reported recently that hackers were using social engineering to trick users into disabling malware protection, allowing macros in infected Word documents to take over computers and ultimately company networks.

Microsoft is currently working on rolling out the ability for company admins to disable all active content in documents, even those marked as Trusted.

Currently, network admins can block insecure content from running, but users can always run active content in Trusted documents, even when a document has since been added to and potentially compromised.

“We are changing the behavior of Office applications to enforce policies that block Active Content (ex. macros, ActiveX, DDE) on Trusted Documents. Previously, Active Content was allowed to run in Trusted Documents even when an IT administrator had set a policy to block it.”

Users will still be able to view content in Protected View, but all active content will be disabled.

The update is rolling out in October this year.

via BleepingComputer.
