I had the honor of being a guest at RunAsRadio with host Richard Campbell where we discussed security in Office macros and how you can secure your enterprise. Click the image to listen to the podcast:
Office macros need security? Yes! Richard chats with Karim El-Melhaoui about the issues around Office macros. With default settings, VBA macros in the Office suite are incredibly powerful and are an effective malware vector. While Microsoft has some built-in capabilities to warn users about enabling macros, modern malware makers have been socially engineering users to bypass those protections. You can go heavy handed and disable macros with group policy, but what if you need them? Karim talks about some of the latest features coming in the Windows 10 Creators Update to provide more granular security for Office macros. But maybe it’s time to move away from them entirely?
To get started:
Attack Surface reduction were discussed in the interview and is a powerful mitigation that were introduced in Windows 10 Fall Creators Update. It gives several options for blocking common macro attacks.
Also look into blocking macros originating from the internet, more information is covered in a detailed blog post from Microsoft:
Hoping to write a more detailed blog post covering ASR in Windows 10 1709..