Microsoft is making it harder for bad guys to use malicious macros, but we reckon it should be killing them.
“Macro-based malware is on the rise and we understand it is a frustrating experience for everyone. To help counter this threat, we are releasing a new feature in Office 2016 that blocks macros from loading in certain high-risk scenarios,” says the official Microsoft announcement on the TechNet Threat Research & Response Blog. “Despite periodic lulls, infections for the top 20 most detected macro-based malware were high over the past three months,” the announcement reads. It also adds that “in the enterprise, recent data from our Office 365 Advanced Threat Protection service indicates 98% of Office-targeted threats use macros.”
This alone suggests that something needs to be done about macro-based malware. The real problem for Microsoft is exactly what. That 98% statistic – which refers to detections and not necessarily successful infections remember – is a stark reminder to us all that the current Microsoft mitigation methodology isn’t working. “Block the macro, block the threat,” says Microsoft. Erm, yes, we get that. But it hasn’t really worked up until now, so what’s different this time around?