Microsoft has announced that Office 365 applications now support Anti-Malware Scan Interface (AMSI), a solution that allows antivirus programs to block malicious macros which have been a significant threat to users of any of the programs in Microsoft Office suite.
A macro is a series of rules or instructions that are grouped under the same command to complete a task automatically. For example, you can create a macro to change the formatting of a text document or to print all the documents in a folder automatically.
While they can be handy for automating actions and saving time, they can also be very dangerous, as cyber attackers can use macros to inject malicious codes and install malware on victim’s computers.
Macro-based attacks are a fertile ground for attackers to initiate malware. Microsoft says this method has been used for decades but has emerged prominently in recent years. Social engineering attacks using VBA macros are replacing software-based exploits.
“When a potentially high-risk function or method (a trigger; for example, CreateProcess or ShellExecute) is invoked, Office halts the execution of the macro and requests a scan of the macro behavior logged up to that moment, via the AMSI interface” Microsoft’s security experts explain.
Stopping malicious macros upon detection
Upon detection of malicious behavior, Microsoft says it stops the macro execution immediately and notifies the user via the Office app interface. The application’s session is then shut down to prevent any further damage.
A more detailed and technical rundown of how the AMSI works through the Office 365 client can be found in Microsoft’s full blog post.
The Anti-Malware Scan Interface has already been integrated into the latest Microsoft Office 365 updates, but it will not work if the user has activated the “Enable all macros” security option.
AMSI integration is now also available in Word, Excel, PowerPoint, Access, Visio, and Publisher for Office 365 Monthly Channel releases.