IT Center Blog

Macros – Small word, big risk

March 10th, 2021 | by

Every now and then you hear and read about macros in Office applications, about documents in which macros are included. These are often sent by e-mail and can lead to dangerous security incidents.
Of course, RWTH Aachen University and the IT Center have taken security measures in this regard. But not everyone is aware of what macros actually are and how dangerous they are not only for private individuals but also for companies. In the following, we will inform you about the most important risks and explain how you can protect yourself.



What are macros actually?

Macros are quite useful in themselves. Thus, the danger is not obvious at first glance. Tasks that would sometimes take hours or maybe even days can be completed within a few minutes or in just a few seconds with the help of macros.

A simple example of this: You have to fill out many forms and often enter your address in them. To avoid entering the address manually each time, you can save it in a macro and then insert it where it is needed by executing the macro. This can be done with a keyboard shortcut or via the Quick Access Toolbar.

Why and how can macros be dangerous?

Macros can store not only individual inputs, but entire programs. Such a program could download malware from the Internet without you noticing. If your active user profile additionally has administrative rights, this software can cause damage unhindered. In MS Office, there is a notification when opening a document if macros are included and the option “Disable all macros with notification” is active in the Trust Center:

Security Warning: Macros have been disabled.

As long as you don’t click “Enable Content”, the macros remain disabled. Security warnings like this should be taken seriously, because once macros are active, potential malware can spread. For example, if an encryption Trojan is at work, all files on the computer will be encrypted and you will be denied access. Even PDF files are not completely safe from malware. For example, when opening the document, the user is told that he or she must enable editing in order to be able to edit the document. Enabling it launches the macro contained in the document, which downloads additional program code and starts encrypting any other documents on the computer. The result is an extortion program (ransomware) that is not to be trifled with.

How do I protect myself?

If you trust the person who sent it, you might think that you can open the file and activate its contents without any worries. But beware! You should definitely take a close look at the sender's address, because sometimes it differs from the real e-mail address by just one inconspicuous character. Sometimes it is advisable to check with the sender via another communication channel before opening attachments. In any case, the first step should be to refrain from opening such mail attachments without a second thought. General caution should also be exercised when unknown persons send files that you were not expecting.

Dangerous file types include files with the extensions .bat, .exe, .vbs, .com, .ade, .adp, .cpl and .wsc. Some of these types are automatically blocked by mail programs. A trained and watchful eye, however, is still indispensable here. Even antivirus programs do not always detect all the threats that lurk.
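The two checks described above, as an added example that is not part of the original post or any IT Center tooling: it flags attachments with the listed extensions and looks inside Office files for a VBA project without opening them in Office. The function names, verdict strings and sample files are assumptions made for this illustration.

```python
import io
import zipfile
from pathlib import PurePath

# Extensions the article lists as dangerous.
DANGEROUS_EXT = {".bat", ".exe", ".vbs", ".com", ".ade", ".adp", ".cpl", ".wsc"}
# Magic bytes of the legacy OLE2 container used by .doc/.xls/.ppt files.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# Content type that modern Office files declare for an embedded VBA project.
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaproject"


def classify_attachment(filename: str, data: bytes) -> str:
    """Return a verdict string; the file is only parsed, never executed."""
    # Only the last suffix counts, so "invoice.pdf.exe" is treated as .exe.
    if PurePath(filename).suffix.lower() in DANGEROUS_EXT:
        return "block: dangerous extension"
    if data.startswith(OLE_MAGIC):
        return "review: legacy Office format, may carry macros"
    if data.startswith(b"PK"):  # .docx/.docm/.xlsx/... are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
                types = z.read("[Content_Types].xml").lower() \
                    if "[Content_Types].xml" in names else b""
        except zipfile.BadZipFile:
            return "review: unreadable container"
        if VBA_CONTENT_TYPE in types or any(
                n.lower().endswith("vbaproject.bin") for n in names):
            return "review: contains VBA macros"
        return "ok: no macro part found"
    return "ok: not an Office container"


def sample_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal Office-style ZIP in memory for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(classify_attachment("invoice.pdf.exe", b"MZ"))
    print(classify_attachment("form.docx", sample_ooxml(True)))
    print(classify_attachment("form.docx", sample_ooxml(False)))
```

An "ok" verdict only means that no VBA project was found in the container; it says nothing about other kinds of malicious content.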

Measures of the RWTH and the IT Center

The IT Center is currently preparing a measure to make people more aware of how to use macros and thus minimize the risk they pose. More information will follow in an upcoming blog post!


Responsible for the content of this article are Liza Schwarz and Jannis Hahn.
