Malicious macros for Microsoft Office are a significant security concern. See how we protect our computers.
FAQ Overview
Microsoft has introduced new default handling for some functions for Office applications that apply to unsigned macros. These settings prevent the use of unsigned macros, which are a significant security concern.
While these settings are fine for most folks, some users on macOS have been faced with disruptive pop-ups from Office applications that make it difficult to use programs such as Word, PowerPoint, or Excel.
What causes these pop-up warnings in Office apps on macOS?
The root cause of these pop-ups is not the security settings themselves, but some helper macros that are installed by default when Adobe Acrobat or related apps are installed. These apps install a PDF conversion tool that is unsigned, and therefore does not meet Microsoft's security requirements to allow macros to run. Even if you're not using the function, it wants to load when you launch any of the Office apps. The apps detect the macro, and that it's unsigned, and present a somewhat confusing message window.
How can I get the Office apps to launch correctly?
Removing the unsigned macros will allow your Office apps to launch properly. On your MHC-owned Mac, you can use an action in Jamf Self Service to remove them:
- Go to Applications and launch Self Service.
- Search or Browse for the "Remove Adobe PDF Macros from Office" action -- the icon is a red box with the Adobe cloud symbol and a yellow triangle with an exclamation point.
- Run the action.
- Launch your Office app.
The Self Service action can be run multiple times. Read on to see why this might be necessary.
Will removing the macros fix the problem permanently?
Alas, the next time Adobe Acrobat or related apps are updated, the unsigned macros will come right back. The macro warnings will keep appearing until Adobe signs the macros as Microsoft advises. If you see the macro alerts again, follow the above steps to remove the unsigned macros. (Yes, again. )
How can I understand more about the security risks of unsigned macros?
Wired magazine wrote a nice overview of Microsoft's actions shortly after they were implemented.
The MITRE database of attack vectors has a more technical write-up of how malicious macros can be used to compromise a computer.
But how can I save as PDF if I need to remove the macros?
Good news is that macOS has the ability to save as PDF built-in, though it might not be where you expect. In most applications, it's found as part of the Print options. Select Print, then look for "Save as PDF" or "Open PDF in Preview."
What if I need to use some home-grown macros for special purposes?
If you're getting macro alerts because you need to use home-grown macros for research or other academic use, please contact the Technology Help Desk and tell us about your needs. Be prepared to tell us where you get the macros, what they are used for, and how you know they are safe.