Untrusted Microsoft Office Macro Execution Enabled Vulnerability
Written by Luke Peach
Updated over a week ago

When a vulnerability scanner detects the Untrusted Microsoft Office Macro Execution Enabled vulnerability, it reports the finding with a CVSS score of 7.3.

CVSS is an industry-standard scoring system for vulnerabilities that rates each finding with a number ranging from 0 to 10. They are shown as:

A macro is a series of commands that you can use to automate a repeated task, and can be run when you have to perform the task. This article has information about the risks involved when you work with macros, and you can learn about how to enable or disable macros in the Trust Center.

A Microsoft Office application installed on the remote host has untrusted macro execution settings enabled.

This plugin first checks whether any Microsoft Office products are actually installed. If there are, it enumerates the registry keys that are set when an Office application allows the execution of untrusted macros. In some edge cases, the registry settings that allow the execution of untrusted macros may still be present and set, even if there are no installed Microsoft Office products.

Administrators can enable the Block macros from running in Office files from the Internet setting for Word, Excel, and PowerPoint by configuring it under the respective application's Group Policy Administrative Templates for Office 2016. For example, to enable this setting for Word:

  • In the Group Policy Management Editor, go to User configuration.

  • Click Administrative templates > Microsoft Word 2016 > Word options > Security > Trust Center.

  • Open the Block macros from running in Office files from the Internet setting to configure and enable it.

Macro settings are located in the Trust Center. However, if your device is managed by your work or school, the system administrator might prevent anyone from changing settings.

Important: When you change your macro settings in the Trust Center, they are changed only for the Office program that you are currently using. The macro settings are not changed for all your Office programs.

  • Click the File tab.

  • Click Options.

  • Click Trust Center, and then click Trust Center Settings.

  • In the Trust Center, click Macro Settings.

  • Make the selections that you want, then click OK.

Note: The options are slightly different in Excel.

  • Disable all macros without notification: Macros and security alerts about macros are disabled.
    In Excel this option is Disable VBA macros without notification and it only applies to VBA macros.

  • Disable all macros with notification: Macros are disabled, but security alerts appear if there are macros present. Enable macros on a case-by-case basis.
    In Excel this option is Disable VBA macros with notification and it only applies to VBA macros.

  • Disable all macros except digitally signed macros: Macros are disabled, and security alerts appear if there are unsigned macros present. However, if the macro is digitally signed by a trusted publisher, the macro just runs. If the macro is signed by a publisher you haven't trusted yet, you are given the opportunity to enable the signed macro and trust the publisher.
    In Excel this option is Disable VBA macros except digitally signed macros and it only applies to VBA macros.

  • Enable all macros (not recommended, potentially dangerous code can run): All macros run without confirmation. This setting makes your computer vulnerable to malicious code.
    In Excel this option is Enable VBA macros (not recommended, potentially dangerous code can run) and it only applies to VBA macros.

  • Excel also has a checkbox for Enable Excel 4.0 macros when VBA macros are enabled. If you select this checkbox, all of the above settings for VBA macros will also apply to Excel 4.0 (XLM) macros.
    If this checkbox is not selected, XLM macros are disabled without notification.

  • Trust access to the VBA project object model: Disallow or allow programmatic access to the Visual Basic for Applications (VBA) object model from an automation client. This security option is for code written to automate an Office program and manipulate the VBA environment and object model. It is a per-user and per-application setting, and denies access by default, hindering unauthorized programs from building harmful self-replicating code. For automation clients to access the VBA object model, the user running the code must grant access. To turn on access, select the check box.
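
To confirm what is actually set after remediation, the following PowerShell audit reads the current user's macro settings for Word, Excel and PowerPoint and maps them back to the Trust Center options above. It is an added example, not part of the original article and not the scanner plugin's own logic. It assumes Office 2016 or later (registry version key 16.0) and uses the value names VBAWarnings, blockcontentexecutionfrominternet and AccessVBOM from Microsoft's Office policy documentation, which the article itself does not list.

```powershell
# Added example, not from the article. Value names come from Microsoft's Office
# policy documentation; "16.0" is the registry version key for Office 2016 and later.
$apps  = 'Word', 'Excel', 'PowerPoint'
$roots = [ordered]@{
    'Group Policy' = 'HKCU:\Software\Policies\Microsoft\Office\16.0'
    'Trust Center' = 'HKCU:\Software\Microsoft\Office\16.0'
}
# VBAWarnings data mapped to the Trust Center options listed above
$macroOption = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is absent
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$report = foreach ($app in $apps) {
    $vba = $null; $vbom = $null; $source = 'Not set'
    # Read the policy root first: a policy value overrides the user's own choice
    foreach ($root in $roots.GetEnumerator()) {
        $key = "$($root.Value)\$app\Security"
        if ($null -eq $vba) {
            $vba = Get-RegValue $key 'VBAWarnings'
            if ($null -ne $vba) { $source = $root.Key }
        }
        if ($null -eq $vbom) { $vbom = Get-RegValue $key 'AccessVBOM' }
    }
    # The "Block macros from running in Office files from the Internet" policy
    $block = Get-RegValue "$($roots['Group Policy'])\$app\Security" 'blockcontentexecutionfrominternet'

    [pscustomobject]@{
        Application       = $app
        MacroSetting      = if ($null -eq $vba) { 'Application default' } else { $macroOption[[int]$vba] }
        SetBy             = $source
        BlockFromInternet = ($block -eq 1)
        TrustVbaModel     = ($vbom -eq 1)
        EnablesAllMacros  = ($vba -eq 1)   # the option the article marks "not recommended"
    }
}
$report | Format-Table -AutoSize
```

Run it in the session of the user being audited, because these settings are stored per user and per application under HKCU.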
