Word and Excel files you download from the internet just got a whole lot safer. Security researchers call it “the single biggest change Microsoft made” to make life harder for hackers.

However, after Microsoft announced changes to how macros were executed by default on internet downloaded content, Talos found Qakbot increasingly moving away from the XLSB files in favor of ISO ...

Microsoft plans to block by default VBA macros obtained from the internet in Office on devices running Windows. This will impact Access, Excel, PowerPoint, Visio, and Word, according to a February ...

Using VBA macros embedded in malicious Office documents is a very popular method to push a wide range of malware families in phishing attacks, including Emotet, TrickBot, Qbot, and Dridex.

Source: BleepingComputer Microsoft Office will also check for the Mark-of-the-Web, and if found, it will open documents in Protected View, with the file in read-only mode and macros disabled.

This so-called "mark-of-the-web" (MOTW) is already used in Office—if you've ever downloaded a document or spreadsheet and been informed that editing has been disabled by default, thank an MOTW.