Microsoft this week announced (opens in new tab) that it is integrating its Antimalware Scan Interface (AMSI) in its Office 365 client apps. The integration will allow AMSI to detect malicious macros and scripts in Office documents, stop them from executing, and flag them for further inspection from antivirus applications (via OnMSFT.
"Macro-based threats have always been a prevalent entry point for malware, but we have observed a resurgence in recent years. Continuous improvements in platform and application security have led to the decline of software exploits, and attackers have found a viable alternative infection vector in social engineering attacks that abuse functionalities like VBA macros," Microsoft says in a blog post announcing the new feature.
In addition to making AMSI detection mechanisms available in Office 365 client apps, Microsoft is ensuring any antivirus application has access to its open interface.
Upon detection of malicious behavior, Microsoft says it stops the macro execution immediately and notifies the user via the Office app interface. The application's session is then shut down to prevent any further damage.
This is an important addition to the Office 365 suite as macro-based attacks continue to become more prevalent. If you'd like to dive into all of the nitty-gritty details, Microsoft has a more technical rundown of how AMSI works through the Office 365 client applications in its full blog post. (opens in new tab) AMSI integration is now available in Word, Excel, PowerPoint, Access, Visio, and Publisher for Office 365 Monthly Channel releases.
Good move. I think macro based virus and malware are the only category that I see very often nowadays.
Macro based viruses and malware died out years ago and stopped being an issue for most users when Microsoft disabled macros in Office by default.
I thought there was a fairly recent (within a year or so) attack that utilized this method to gain access to a user's system? You are right in the fact that the user had to trust internet files and run the macro themselves, but remember most average users just click yes without reading pop-ups.
Get the best of Windows Central in in your inbox, every day!
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.