UK cybersecurity expert (and former Microsoftie) Kevin Beaumont tweeted that “this is potentially a game changer for the cybersecurity industry, and, more importantly customers,” as macros account for about 25 percent of all ransomware entry – a figure he called “deeply conservative.” A message bar noting that a particular downloaded VBA is not trusted will note: “Security Risk: Microsoft has blocked macros from running because the source of this file is untrusted” next to a Learn More button. The Learn More button will take users to an article about the security risk of bad actors using macros, ways to prevent phishing and malware, and instructions for enabling these macros by saving the file and removing the Mark of the Web (MOTW). The MOTW is added to files by Windows when they’re from an untrusted location (internet or Restricted Zone). This article from Microsoft has more information for IT pros/admins about the coming change in macro behavior.
