After pausing the rollout, Microsoft has decided to block VBA macros by default after all. The company is also taking the opportunity to test a Windows 11 feature that counters brute-force attacks on RDP.
A little pas de deux from Microsoft regarding blocking VBA (Visual Basic for Applications) macros by default. Last January, the Redmond-based firm announced that Excel 4.0 (XLM) macros would be disabled by default, and shortly afterwards that VBA macros in Office files obtained from the internet would be blocked by default. Then, in early July, the company backed off and re-enabled VBA macros in Office documents after a number of user complaints: those users had found the change hard to put into practice.
Eventually Microsoft decided to re-enable VBA macro blocking by default. In a blog post, Kellie Eickmeyer, a Microsoft product manager, explains: “After reviewing customer feedback, we have made updates for both our users and system administrators to clarify the options available to them for various scenarios.” With that clarification, the company is “resuming the rollout of the default lock on Current Channel,” she adds. The reversal was welcomed by security practitioners: attackers still rely on macro-laden Office documents, typically delivered by phishing, to download and execute malware or to tamper with files on the local file system. Note that the block only applies to files that carry the Mark of the Web, that is, files whose Zone.Identifier stream records an internet origin; macros in files opened from a Trusted Location, or signed by a trusted publisher, keep running. The change is rolling out to the Current Channel starting July 27th.
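The following PowerShell is an added example, not code from the article or from Microsoft. It checks the two things that decide whether a given document's macros are blocked under the new default: whether the file carries the Mark of the Web (Zone.Identifier ZoneId 3 or 4), and whether the "Block macros from running in Office files from the Internet" policy value is explicitly set for the application. The Office registry branch (16.0) and the sample file path are assumptions.

```powershell
# Added example (not from the article or from Microsoft): would a downloaded Office
# file have its VBA macros blocked under the default-block policy?
# Assumes Office 2016 / Microsoft 365 (registry branch 16.0). File path is a placeholder.

function Get-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    # Browsers and mail clients tag downloads with a Zone.Identifier alternate data stream.
    # ZoneId=3 (Internet) or 4 (Restricted) is what Office treats as "from the Internet".
    try {
        $stream = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction Stop
    } catch {
        return $null   # no stream: the file is not marked as downloaded
    }
    foreach ($line in $stream) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Get-OfficeInternetMacroPolicy {
    param([Parameter(Mandatory)][ValidateSet('Word','Excel','PowerPoint')][string]$App)
    # The Group Policy "Block macros from running in Office files from the Internet"
    # writes blockcontentexecutionfrominternet (1 = block, 0 = allow) under the Policies
    # hive; Trust Center writes the same value under the user hive. Policy wins.
    $policyKey = "HKCU:\Software\Policies\Microsoft\office\16.0\$($App.ToLower())\security"
    $userKey   = "HKCU:\Software\Microsoft\Office\16.0\$App\Security"
    foreach ($key in @($policyKey, $userKey)) {
        $v = Get-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -ErrorAction SilentlyContinue
        if ($null -ne $v) {
            return [pscustomobject]@{
                App    = $App
                Source = $key
                Block  = ([int]$v.blockcontentexecutionfrominternet -eq 1)
            }
        }
    }
    # No explicit value: with the change rolled out on Current Channel, Office blocks.
    return [pscustomobject]@{ App = $App; Source = 'default'; Block = $true }
}

function Test-MacroBlocked {
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][ValidateSet('Word','Excel','PowerPoint')][string]$App)
    $zone   = Get-MarkOfTheWeb -Path $Path
    $policy = Get-OfficeInternetMacroPolicy -App $App
    $fromInternet = ($zone -eq 3 -or $zone -eq 4)
    [pscustomobject]@{
        File                  = $Path
        ZoneId                = $zone
        FromInternet          = $fromInternet
        PolicySource          = $policy.Source
        MacrosBlockedByPolicy = ($fromInternet -and $policy.Block)
    }
}

# Placeholder path: point this at a real .docm/.xlsm you downloaded.
Test-MacroBlocked -Path 'C:\Users\alice\Downloads\invoice.docm' -App Word | Format-List
```

Two caveats worth keeping in mind when reading the output: the Zone.Identifier stream only exists on NTFS and only if the downloading application wrote it, so a document extracted from an ISO or some archive formats arrives with no mark and is not covered by the block; and `MacrosBlockedByPolicy = $false` for a marked file does not mean macros run silently, it means the older Trust Center setting (disable with notification, by default) applies instead.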
Curbing Brute Force Attacks on RDP
Alongside this decision, Microsoft announced another change aimed at curbing brute-force attacks on RDP services. Insider test builds of Windows 11 introduce a default account lockout policy to slow down intrusion attempts: criminals use automated tools to guess an account's password over RDP, and, according to a post by Dave Weston, vice president of enterprise and OS security at Microsoft, such tools are commonly used by ransomware operators to get a foothold.
Specifically, the policy introduced in the Windows 11 Insider Preview (build 22528.1000 and later) automatically locks an account for 10 minutes after 10 failed sign-in attempts. Administrators can tune the policy, that is, the number of failed attempts that trigger a lockout, the lockout duration and the observation window over which attempts are counted, through the Account Lockout Policy under Local Security Policy or Group Policy.
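As an added example (not from the article or from Microsoft), the PowerShell below audits the local account lockout policy on any Windows host, applies the same 10-attempt / 10-minute values the new default uses where the threshold is still "Never", and then summarises failed RDP logons from the Security log so you can see the password guessing the policy is meant to throttle. It assumes an elevated session and that auditing of logon events is enabled (it is by default); the default values and the 24-hour window are assumptions.

```powershell
# Added example (not from the article or from Microsoft): audit and set the account
# lockout policy, then summarise RDP password guessing from the Security log.
# Assumes an elevated PowerShell session on Windows 10/11 or Server.

function Get-LockoutPolicy {
    # 'net accounts' prints the effective local policy; parse the three lockout lines.
    $raw = net accounts
    function Read-Line([string[]]$Lines, [string]$Label) {
        $line = $Lines | Where-Object { $_ -like "$Label*" } | Select-Object -First 1
        if ($null -eq $line) { return $null }
        $value = ($line -split ':\s*', 2)[1].Trim()
        if ($value -eq 'Never') { return 0 }   # 'Never' means no lockout at all
        return [int]$value
    }
    [pscustomobject]@{
        Threshold       = Read-Line $raw 'Lockout threshold'
        DurationMinutes = Read-Line $raw 'Lockout duration (minutes)'
        WindowMinutes   = Read-Line $raw 'Lockout observation window (minutes)'
    }
}

function Set-LockoutPolicy {
    # Same knobs as secpol.msc > Account Policies > Account Lockout Policy.
    # Windows requires the duration to be at least as long as the observation window.
    param([int]$Threshold = 10, [int]$DurationMinutes = 10, [int]$WindowMinutes = 10)
    if ($DurationMinutes -lt $WindowMinutes) {
        throw "Lockout duration ($DurationMinutes) must be >= observation window ($WindowMinutes)"
    }
    net accounts /lockoutthreshold:$Threshold /lockoutduration:$DurationMinutes /lockoutwindow:$WindowMinutes | Out-Null
    Get-LockoutPolicy
}

function Get-RdpFailedLogons {
    # 4625 = failed logon. LogonType 10 = RemoteInteractive, i.e. RDP reaching the
    # logon screen. With Network Level Authentication the failure is logged as
    # LogonType 3 instead, so both are counted here.
    param([int]$Hours = 24)
    $since  = (Get-Date).AddHours(-$Hours)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue
    $events |
        ForEach-Object {
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($n in $xml.Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
            if ($data['LogonType'] -in @('10', '3')) {
                [pscustomobject]@{
                    Time      = $_.TimeCreated
                    User      = $data['TargetUserName']
                    Source    = $data['IpAddress']
                    LogonType = $data['LogonType']
                }
            }
        } |
        Group-Object Source, User |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

$policy = Get-LockoutPolicy
if ($policy.Threshold -eq 0) {
    # Threshold 'Never': unlimited guesses. Apply the Windows 11 default values.
    $policy = Set-LockoutPolicy -Threshold 10 -DurationMinutes 10 -WindowMinutes 10
}
$policy
Get-RdpFailedLogons -Hours 24 | Format-Table -AutoSize
```

Pair the failed-logon summary with event ID 4740 (account locked out) to confirm the policy is actually firing against the sources you see, and remember that a lockout threshold is also a denial-of-service lever: an attacker who can reach the RDP endpoint can lock out real accounts by guessing wrong on purpose, which is why exposing RDP directly to the internet remains the underlying problem.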