Factsheet Office macros

There is quite a possibility that your organisation is using Microsoft Office. One of many features offered by Office is macros. These can be used to automate tasks, but malware authors also use it to hide their malware in innocent looking documents. The NCSC has published a factsheet to warn for the risks of Office macros.

Old news, you might say. In the 1990s, several macro viruses were roaming around. Microsoft changed the default setting in Office to no longer allow macros being run automatically.

But although home users leave the default settings as they are, many organisations have loosened security in order to allow the legitimate use of macros, for example to automate templates. They are now at risk again. Not like the mass outbreaks we have witnessed in the 1990s, but specifically targeted and tailored malware for individual organisations. The solution, however, is simple.

Read the Office macros factsheet to learn how to check if you are vulnerable, and what you can do to better protect your organisation and allow legitimate macros to be used at the same time.

This publication is no longer actively maintained by the NCSC. The information in this publication may therefore be out of date.