What is the recommended approach?
To protect themselves against malicious macros, organisations should implement one of the following recommended approaches:
- all macros are disabled
- only macros from trusted locations are enabled
- only macros digitally signed by trusted publishers are enabled.
In addition to implementing one of the recommended approaches above, organisations should:
- implement application control to mitigate the risk of a malicious macro running unapproved applications
- implement email and web content filtering to inspect incoming Microsoft Office files for macros, and block or quarantine them as appropriate
- implement macro execution logging to verify that only approved macros are used (e.g. by logging the execution of known macro-enabled file extensions such as dotm, docm, xlsm, pptm and ppsm)
- ensure users assigned to assess the safety of macros have appropriate VBA training.
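As an added example (not part of the original guidance), the Python script below triages macro-execution log lines against the trusted-locations approach described above: it flags any macro-enabled file type (dotm, docm, xlsm, pptm, ppsm) opened from outside the trusted locations, so the logging recommendation can actually verify that only approved macros are used. The log line format, the trusted locations and the sample log are constructed assumptions, not a real product's output.

```python
import ntpath
import re

# Macro-enabled Office extensions named in the guidance.
MACRO_ENABLED_EXTENSIONS = {"dotm", "docm", "xlsm", "pptm", "ppsm"}

# Constructed trusted locations (assumption; the real list comes from the Office policy).
TRUSTED_LOCATIONS = [r"\\fileserver\templates", r"C:\Approved\Macros"]

# Constructed log format (assumption): "<timestamp> <user> <application> <file path>".
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<app>\S+) (?P<path>.+)$")

# Constructed sample log; not real telemetry.
SAMPLE_LOG = r"""
2024-03-01T09:12:03Z alice WINWORD.EXE \\fileserver\templates\invoice.dotm
2024-03-01T09:15:44Z bob EXCEL.EXE C:\Users\bob\Downloads\report.xlsm
2024-03-01T09:16:10Z carol POWERPNT.EXE C:\Users\carol\Documents\deck.pptx
2024-03-01T09:20:31Z dave WINWORD.EXE C:\Approved\Macros\Letter.DOCM
2024-03-01T09:25:07Z erin WINWORD.EXE C:\Approved\Macros\..\Temp\memo.docm
"""

def canonical(path: str) -> str:
    # ntpath is available on every platform, so this also runs on a Linux log host.
    # normpath collapses ".." segments; normcase lowercases and unifies separators.
    return ntpath.normcase(ntpath.normpath(path)).rstrip("\\")

def is_macro_enabled(path: str) -> bool:
    return ntpath.splitext(path)[1].lstrip(".").lower() in MACRO_ENABLED_EXTENSIONS

def in_trusted_location(path: str) -> bool:
    p = canonical(path)
    return any(p.startswith(canonical(loc) + "\\") for loc in TRUSTED_LOCATIONS)

def review(log_text: str) -> list[tuple[str, str, str]]:
    """Return (user, application, path) for macro-enabled files opened outside trusted locations."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # blank or malformed line
        path = m["path"]
        if is_macro_enabled(path) and not in_trusted_location(path):
            findings.append((m["user"], m["app"], path))
    return findings

if __name__ == "__main__":
    for user, app, path in review(SAMPLE_LOG):
        print(f"REVIEW {user} opened {path} in {app}")
```

Matching is case-insensitive and normalises ".." segments, so a path that merely names a trusted folder before stepping out of it is still flagged; a carol-style .pptx open is ignored because only macro-enabled extensions are of interest.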