Microsoft Office applications allow developers to include information about themselves by digitally signing their macros. While the use of trusted documents is discouraged, trusted locations when implemented in a controlled manner can allow organisations to appropriately balance both their business and security requirements. Once trusted documents or trusted locations are defined, macros in trusted documents or macros in Microsoft Office files in trusted locations automatically execute when the files are opened. Microsoft Office has both trusted document and trusted location functions. However, an adversary can also create macros to perform a variety of malicious activities, such as assisting in the compromise of workstations in order to exfiltrate or deny access to sensitive information. Macros are powerful tools that can be easily created by novice users to greatly improve their productivity.
#Microsoft toolkit 2.4.5 trusted code
Microsoft Office files can contain embedded code (known as a macro) written in the Visual Basic for Applications (VBA) programming language.Ī macro can contain a series of commands that can be coded or recorded, and replayed at a later time to automate repetitive tasks. The purpose of these malicious macros can range from cybercrime to more sophisticated exploitation attempts.īy understanding the business requirements for the use of macros, and applying the recommendations in this publication, organisations can effectively manage the risk of allowing macros in their environments. In particular, adversaries have been observed using social engineering techniques to entice users into executing malicious macros in Microsoft Office files.
BackgroundĪn increasing number of attempts to compromise organisations using malicious macros have been observed. Some differences however may exist for earlier versions than Microsoft Office 2016. The names and locations of Group Policy settings used in this publication are taken from Microsoft Office 2016 and are equally applicable to Microsoft 365, Office 2021 and Office 2019. This publication has been developed to discuss approaches that can be applied by organisations to secure systems against malicious macros while balancing both their business and security requirements. However, macros can contain malicious code resulting in unauthorised access to sensitive information as part of a targeted cyber intrusion. Microsoft Office applications can execute macros to automate routine tasks.
0 kommentar(er)
