Bleeping Computer reported that: Microsoft is planning to allow Office 365 administrators to set a global policy so that all users in the organization cannot ignore the block active content on trusted documents prompt. It is reported that this set aims to prevent ActiveX controls, macro operations, and dynamic data exchange (DDE) functions on trusted documents that do not require user interaction by default.
Under normal circumstances, files from potentially unsafe locations are opened as read-only by default. However, even if active content that may have malicious operations is added, the modified trusted document will be automatically opened without any prompt, and the result is that the Office’s protected view line of defense is bypassed. The good news is that as part of the ongoing Office security enhancement work, users will continue to see relevant security prompts if files have moved or changed since they were last trusted.
Microsoft stated on the Office 365 roadmap:
We are changing the behavior of Office applications to enforce policies that prevent active content on trusted documents, such as ActiveX controls, macro operations, and dynamic data exchange. Previously, even if IT administrators set blocking policies, the software still allowed active content to run in trusted documents. According to the plan, Microsoft will push this feature update to all customers around the world before the end of October.
In related news, Microsoft has also updated the Defender for Office 365 service to prevent users from encountering certain embedded threats when browsing quarantined emails. In May of this year, the company updated the security baseline of enterprise Microsoft 365 applications (previously known as Office 365 ProPlus) to organize unsigned macros and JScript code to execute attacks.
In March of this year, it also introduced XLM macro protection for Microsoft 365 customers to prevent malware from misusing Office VBA macros and PowerShell, JScript, VBScript, MSHTA/Jscript9, WMI or .NET code (often used to deploy via Office document macros) Malicious payload).
