MS Office 2013 - New Macro Controls - Sorta ...
I was trolling through the readme's for the latest batch of patches from Microsoft, and found this tidbit in the doc for MS16-099 (https://support.microsoft.com/en-us/kb/3177451):
Administrator can use the Group Policy to block running any macro in the files that are download from the Internet in Office 2013 applications. This feature is same as in Office 2016 applications. See the following articles for more information:
Also, and more importantly, there are no corresponding updates to the Office 2013 ADMX files, so you won't be seeing any new settings in your group policy screen for Office 2013.
You can (and should) put these macro limit controls in for Office 2016, but as far as I can see, that's an entirely different branch in both Group Policy and in the Registry. Office 2013 apps won't read Office 2016 settings, and vice versa. So the Office 2013 settings you had 30 days ago are still the only ones that are easy to get to.
It's great to see where Microsoft is going with this, but I think we'll all need to wait for the other half of this update before we can use it effectively.
So I think the best advice still remains to use one of these two settings for Office 2013:
Disable all without notification: If you don't use macro's in your organization, disable them and DON'T give your users the ability to bypass this setting.
or
Disable all except digitally signed macros: This is a more complex route - you'll need to sign all docs with macros in them. This isn't such a big deal really though - most organizations with macros have either static code, or a small number of macros maintained by a small number of people. In addition, most of us have private CA servers now for our wireless infrastructure.
So to go forward with signed macros, what's required in advance is some training for your 2 or 3 macro authors on how to sign their code (or do it for them if changes are very seldom).
Office 2016 has these settings, as well as "Block Macros from running in Office files from the Internet". This one is essentially the "easy button" that will shut down lots of the ransomware infections we're seeing these days.
I'm waiting with anticipation for this same "easy button" in GPO for Office 2013 to match this update (and Office 2016)! If it doesn't come, I might write one and post it here (I really hope it doesn't come to that though).
===============
Rob VandenBrink
Compugen
Comments
Anonymous
Aug 15th 2016
8 years ago
If you can updated you'll be a lot further ahead - I think in 2010 the end user always has the ability to "OK" any error message and bypass it.
I'd consider Office 2013 to be a decent starting point, 2016 if you can swing it. Anything older than that and you start to look like the "straggler in the herd" to the attacking community.
Anonymous
Aug 15th 2016
8 years ago
I sincerely doubt there's any [other] malware that has caused more expense to business than that.
Anonymous
Aug 15th 2016
8 years ago
Mainstream support for Office 2007 ended on 2012-Oct-09.
https://support.microsoft.com/en-ca/lifecycle?p1=11346
Extended support for Office 2007 will end on 2017-10-10.
Office 2007 (Version 12) is no longer part of mainstream support and hasn't been tested on Windows 10. However, Office 2007 will install and run on Windows 10.
Versions of Office prior to Office 2007 are no longer supported and may not work on Windows 10.
https://support.office.com/en-us/article/Which-versions-of-Office-work-with-Windows-10-0fc85c97-da69-466e-b2b4-54f7d7275705
So, your best option is to plan for an upgrade to your Office suite.
Anonymous
Aug 16th 2016
8 years ago
I wont be on 2016 for another 6-10 months ..
Anonymous
Aug 16th 2016
8 years ago
https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/
Anonymous
Oct 30th 2016
7 years ago
https://blogs.technet.microsoft.com/mmpc/2016/10/26/office-2013-can-now-block-macros-to-help-prevent-infection/
Anonymous
Oct 30th 2016
7 years ago
https://blogs.technet.microsoft.com/mmpc/2016/10/26/office-2013-can-now-block-macros-to-help-prevent-infection/
Anonymous
Oct 30th 2016
7 years ago
Anonymous
Oct 31st 2016
7 years ago