Microsoft this week announced that it is integrating its Antimalware Scan Interface (AMSI) in its Office 365 client apps. The integration will allow AMSI to detect malicious macros and scripts in Office documents, stop them from executing, and flag them for further inspection by antivirus applications (via OnMSFT).
"Macro-based threats have always been a prevalent entry point for malware, but we have observed a resurgence in recent years. Continuous improvements in platform and application security have led to the decline of software exploits, and attackers have found a viable alternative infection vector in social engineering attacks that abuse functionalities like VBA macros," Microsoft says in a blog post announcing the new feature.
In addition to making AMSI detection mechanisms available in Office 365 client apps, Microsoft is ensuring any antivirus application has access to its open interface.
When a potentially high-risk function or method (a trigger; for example, CreateProcess or ShellExecute) is invoked, Office halts the execution of the macro and requests a scan of the macro behavior logged up to that moment, via the AMSI interface. The AMSI provider (e.g., antivirus software) is invoked synchronously and returns a verdict indicating whether or not the observed behavior is malicious.
The list of high-risk functions, or triggers, is meant to cover actions at various stages of an attack chain (e.g., payload download, persistence, execution, etc.), and the triggers are selected based on their prevalence among malicious and benign macros. The behavior log sent over AMSI can include information like suspicious URLs from which malicious data was downloaded, suspicious file names known to be associated with malware, and others.
Upon detection of malicious behavior, Microsoft says it stops the macro execution immediately and notifies the user via the Office app interface. The application's session is then shut down to prevent any further damage.
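A minimal Python model of the trigger-and-scan flow described above, added here as an illustration and not Microsoft's or Office's code. The `MacroRuntime` class, the `sample_provider` heuristic, the logged `URLDownloadToFile` call, and the sample call sequences are constructed assumptions; only `CreateProcess` and `ShellExecute` are trigger names taken from the article.

```python
from dataclasses import dataclass, field
from typing import Callable

# Only these two trigger names come from the article; the real list is larger.
TRIGGERS = {"CreateProcess", "ShellExecute"}

class MacroBlocked(Exception):
    """The provider judged the logged behavior malicious."""

def sample_provider(behavior_log):
    """Constructed heuristic: a trigger that launches a file downloaded earlier."""
    downloaded = set()
    for name, args in behavior_log:
        if name == "URLDownloadToFile":          # logged call, not a trigger here
            downloaded.add(args[1].lower())      # args = (url, local_path)
        elif name in TRIGGERS and any(p in a.lower() for a in args for p in downloaded):
            return True
    return False

@dataclass
class MacroRuntime:
    provider: Callable
    log: list = field(default_factory=list)
    scans: int = 0
    session_open: bool = True

    def call(self, name, *args):
        self.log.append((name, args))            # every call is logged
        if name in TRIGGERS:                     # execution halts at a trigger
            self.scans += 1
            if self.provider(list(self.log)):    # synchronous verdict on log so far
                self.session_open = False        # session is shut down
                raise MacroBlocked(name)

def run_macro(calls, provider=sample_provider):
    """Return (calls that completed, number of scans, session still open)."""
    rt, done = MacroRuntime(provider), []
    try:
        for name, *args in calls:
            rt.call(name, *args)
            done.append(name)
    except MacroBlocked:
        pass
    return done, rt.scans, rt.session_open

# Constructed sample macros.
BENIGN = [("ShellExecute", "notepad.exe")]
DROPPER = [("URLDownloadToFile", "http://example.test/p.exe", r"C:\Temp\p.exe"),
           ("CreateProcess", r"C:\Temp\p.exe"), ("ShellExecute", "calc.exe")]
```

In this model the download alone never reaches the provider; the scan happens only when a trigger is hit, and the verdict is based on everything logged up to that point.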
This is an important addition to the Office 365 suite as macro-based attacks continue to become more prevalent. If you'd like to dive into all of the nitty-gritty details, Microsoft has a more technical rundown of how AMSI works through the Office 365 client applications in its full blog post. AMSI integration is now available in Word, Excel, PowerPoint, Access, Visio, and Publisher for Office 365 Monthly Channel releases.