
Hackers Find Way to Bypass Windows Security Feature

Typically the saying “everything old is new again” gives a person a reason to hang on to possibly embarrassing old clothes or CDs. Unfortunately, that saying also has implications in other areas, such as digital security. For example, pros who take their eyes off a threat they thought they’d bested may just have it come back to haunt them later.

Consider this recent example.

The Microsoft Malware Protection Center (MMPC) has identified a rise in the number of macro-based threats. These threats use macros, which are scripts that automate tasks, to infect targets with malicious code. In the olden days – pre-2001 – cyber ne’er-do-wells would send spam emails containing a macro which was designed to install malware on a victim’s computer. If victims opened the file, the macro would run automatically, allowing the malware to potentially wreak havoc on their systems.

Microsoft thought they had this problem licked with the release of Office XP. Starting with that software, the default setting for macros became “Disable all macros with notification.” That meant users were required to give permission before their machine would execute any unsigned macros, the kind favored by hackers. That change led to a decline in the number of macro-based attacks as crooks looked for other, more effective avenues to do their dirty work.

But macro attacks, like bell bottoms and swing music before them, made a comeback. An increased number of attacks began in early December and peaked at the month’s midpoint. So what changed? Nothing from a software point of view. Microsoft still disables macros by default. Hackers just got cleverer about how they deliver those macros.

Hackers began using social engineering methods to bypass Microsoft’s fix. Their gambit goes like this: They’ll give a file a name which sounds like it’s an important document, think things like wire transfer notices, shipping receipts or invoices. Once opened, the file provides step-by-step instructions to their targets on how to enable macros to run on their machine, so they can access that “important” file. When targets enable macros to read the “invoice” they’re actually giving hidden malware the ability to infect their system. That combination of the instructions, a convincing spam email message and the legit-looking file name has been enough to bring back a fading attack method.

So your tech team has done its part and provided fully updated and protected machines. But the latest security bells and whistles aren’t always enough to keep hackers out of a system. That’s especially true in cases like this one where employees have a key to let them in.

The easy answer to prevent these issues is more training. Pull employees into a session and remind them about the usual email best practices. Also, pass along some tips from the MMPC, such as the fact that most invoices or receipts typically don’t need macros so it’s good to be suspicious of any that claim they do.
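The MMPC tip above can also be enforced at the mail gateway rather than left entirely to users. The following is an added example, not code from Arraya or the MMPC: it checks whether an attachment carries a VBA project and whether its file name matches the lure types named in this article. The keyword list, function names and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed lure keywords, taken from the document types the article names.
LURE_WORDS = ("invoice", "receipt", "wire", "transfer", "shipping")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip) Office file carries a VBA project part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())


def triage_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment as 'quarantine', 'inspect' or 'allow'."""
    lure = any(w in filename.lower() for w in LURE_WORDS)
    if has_vba_project(data):
        # An "invoice" that ships macros matches the pattern in the article.
        return "quarantine" if lure else "inspect"
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can embed macros; this sketch does not parse
        # them, so hand them to a deeper scanner rather than guess.
        return "inspect"
    return "allow"


def make_sample_ooxml(with_macro: bool) -> bytes:
    """Build a constructed sample archive (not a real Word document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [  # constructed file names and contents
        ("Invoice_2291.docm", make_sample_ooxml(True)),
        ("team_notes.docm", make_sample_ooxml(True)),
        ("Shipping_receipt.docx", make_sample_ooxml(False)),
        ("wire_transfer.doc", OLE_MAGIC + b"\x00" * 504),
    ]
    for fname, blob in samples:
        print(f"{fname:24} -> {triage_attachment(fname, blob)}")
```

The check keys on file content, not the extension, so a macro-enabled document renamed to look harmless is still flagged.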

Of course, saying “We need more training” is one thing. Finding the time to pull that off, especially in light of all the other areas which require IT’s attention on a daily basis, is where things get more complex.

Arraya Solutions can handle those daily to-do list items, shifting some work off IT’s plate and freeing the team up to handle tasks which may have otherwise kept getting pushed off “until tomorrow,” e.g., user training. To learn more about Arraya’s forward-thinking solutions and the super-hero level of service its engineers pride themselves on, visit www.ArrayaSolutions.com or speak to an Arraya account executive today.

Don’t forget to follow Arraya on Twitter: @ArrayaSolutions
