Word and Excel are programs that all of us, or almost all of us, have installed on our computers. These programs help us create, and edit, all kinds of documents and spreadsheets so that we can use them for ourselves, or share them with others. That is why hackers often use these programs and these types of documents to carry out all kinds of large-scale computer attacks. And one of the most used techniques for this are macros.
A macro is a piece of code, embedded within a document, whose main purpose is to automate certain tasks that would otherwise be very complicated to carry out. Hackers take advantage of these code snippets to automatically download and execute malware simply by opening a document with this macro embedded.
Microsoft is aware of this issue, and has been looking for ways to mitigate it for some time to minimize the dangers posed by these code snippets. For a long time, when opening a Word or Excel with a macro, the program warns us and, if we want to execute the code, it will be under our responsibility.
Last month, Microsoft decided to go a step further and began blocking this dangerous code in all documents by default to further tighten security. However, this change has not pleased many users, and Microsoft has been forced to revert the changes. At least temporarily.
That is why, if we have updated Office, in the last month we will have seen three changes related to the execution of macros. And, in the end, all of them to leave us just as vulnerable as at the beginning. But, if you are worried about these macros, with a simple change we can protect ourselves.
Block macros by default in Windows
Since Office 2016, Microsoft Office has the ability to always block macros in documents by default. There are two ways to do this. The first one is with a change in the Windows registry. What we must do is open the registry editor by executing the “regedit.exe” command, and we will place ourselves on the following key (if it does not exist we will have to create it):
HKEY_CURRENT_USER > SOFTWARE > Policies > Microsoft > office > 16.0 > word > security
Here, what we’ll do is create a new 32-bit DWORD value , name it “blockcontentexecutionfrominternet”, and set it to “1” . If we want the change to apply to Excel spreadsheets as well, we just have to change “Word” to “Excel” in the registry path, and repeat the same steps. We restart the computer and that’s it. When we try to open a document with an embedded macro, we will see that it has been completely blocked.
Another way to do this is through an administrative template. The problem is that it’s only available to Windows 10 or Windows 11 Pro users, not the “Home” editions.
To enable this administrative template, all we have to do is download the templates from the following link , and install them on the computer. Once installed, we will open the “gpedit.msc” editor, and navigate to the templates directory, within the User Configuration section, to configure them.
