How to disable macros in Microsoft Office

Macros can be malicious.

David bisson
David Bisson

How to disable macros in Microsoft Office

There are two fundamental truths that define our information society. First, computers can do some amazing things. And second, users don’t share a common level of expertise when it comes to personal computing.

Let’s reflect on the second point for a minute. Some people don’t know how to code in HTML, debug a program, or navigate the many menus and tabs in Microsoft Word. That’s not necessarily their fault. Think about it: most people just don’t need technical skills to use their computers. Those users are completely satisfied by their access to a word processor, a web browser, and some other bits here and there. That’s all they really need.

But there is one condition: they need it with the least amount of hassle possible.

Sign up to our free newsletter.
Security news, advice, and tips.

A common shortcut in Microsoft Office for everyday users

Tech companies understand that most users want a hassle-free computing experience and have therefore designed their applications accordingly.

Take Microsoft Office, for instance.

In Word, someone can center align their text by following this set of steps:

  • Highlight the desired text.
  • Click Format in the menu bar.
  • In the drop-down menu, select Paragraph.
  • A dialog box pops up. Click the arrow next to Alignment and click Center.
  • Click OK to close out the dialog box.

But there’s an easier way. Users can also just select their text and click on the text alignment buttons built into Microsoft Word. Each of those buttons is, in essence, a macro.


What’s a macro?

A macro is a computing shortcut that automates an oft-repeated task such as center aligning text in Microsoft Word.

Macros are clearly useful in that they make use of the mouse or the keyboard to save a user time with certain tasks. In that sense, they appeal to the vast majority of users who want computing to be as easy as possible.

The dark side of shortcuts

Unfortunately, not all macros are a user’s friend.

There is such a thing as a malicious macro, where a bad actor creates a shortcut that when executed loads up malicious code on a computer. To prevent users from catching on, the actor usually disguises their shortcut as something seemingly mundane. Sometimes, they even use hidden macros that execute malicious code as soon as someone opens up an infected Microsoft Office document.

For example, the PowerSniff malware makes contact with its victims via a Word document that’s disguised as a workplace incident report.

Malicious email 1

Once the user opens that document, the malware executes and eventually injects itself into the memory of a victim’s computer.

And that’s just PowerSniff. All kinds of malware, even ransomware, also use malicious macros embedded in Microsoft Office documents to make initial contact with potential victims.

Disabling macros in Microsoft Office

You never know what terrors a Microsoft Office document from an unfamiliar sender might contain. For that reason, many users may find it desirable to disable macros by default. Doing so won’t block macros permanently, but in the very least, it will display a warning asking users to enable content every time they open up a document that contains macros. That gives users a choice of enabling macros if they trust the sender and keeping them disabled if they don’t.

Microsoft Office disables macros by default on most of its new software versions (2016 and up). Here’s where you can check to see if that’s the case on a Macbook Pro.

  1. In an open Microsoft Office application, click on the name of the application and click on Preferences in the resulting drop-down menu.

Screen shot 2016 09 30 at 2.47.38 pm

  1. A dialog box pops up. Under the Personal Settings section, click on Security & Privacy.

Screen shot 2016 09 30 at 2.49.17 pm

  1. The very first item that displays is labeled Macro Security. It says it will warn the user if and when they open a document that contains macros. As I said before, macros are disabled (meaning this warning feature is enabled) by default, but it doesn’t hurt to double-check.

Screen shot 2016 09 30 at 2.50.36 pm

The process for verifying whether macros are disabled on a Windows computer is similar to that which I outlined above. The only difference is Windows users have access to a Trust Center, where they can choose to enable macros for one time when the security warning appears or disable all macros by following these steps:

  1. Click File > Options.
  2. Click Trust Center, and then click Trust Center Settings.
  3. In the Trust Center, click Macro Settings, where you can make any changes you want and approve them by clicking OK.

Trust center

Legitimate macros are much less commonly encountered in MS Word and Powerpoint than they are in Excel (particularly in corporate environments). Depending on your use case, you may or may not choose to disable macros entirely. Whatever you do choose, always be cautious about opening unsolicited Microsoft Office attachments and be wary of social engineering tricks that may attempt to fool you into enabling macros.

Need more help with your macro settings? Please click here for a helpful resource page provided by Microsoft Office itself.

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

3 comments on “How to disable macros in Microsoft Office”

  1. steveb_online


    A useful reminder. Thanks.

    Just by coincidence I changed other Trust Center setting in Word (M$) today by enabling Protected View in Word, Excel and PPT. I was a little surprised to see that it was off on all my applications (Office 2010), presumably by default. Do you have any observations on the effectiveness of Protected View? I think it may drive me mad in eventually, as each new file will require several authorisations, but it sounds like another level of defense against macro malware.

    M$ says that that Protected View opens documents without prompts in a restricted mode. Is there any evidence that this can be bypassed by malware that you are aware of?

    1. Bob · in reply to steveb_online

      It should be enabled by default in Office 2010 and later. Somebody, or other software, must have changed the setting.

      You should enable all of the Protected View options in the Trust Centre and also enable Data Execution Prevention (DEP) mode.

      Can malware disable these mitigations? Absolutely; however activating them gives you a little more protection.

      Office 2010 is somewhat old now and doesn't have the modern security features of Office 2016 or even Office 2013. If you have the option you really should upgrade. Even if you choose to stick with Office 2010 make sure you update the software itself so that you receive Office 2010 security patches.

  2. Rudolph

    Excellent article and advice about software protection protocols. Many end-users are often not aware of these settings and/or do not take the time to read about them when they come across these functions within their applications. I try to stay on top of security issues and concerns but it sometimes feels like a never-ending battle (which, in my opinion, it is).

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.