Microsoft has surprised key parts of the security community with its decision to quietly reverse course and allow untrusted macros to open by default in Word and other Office applications.

In February, software developer announced significant changes it said were introduced to combat the growing scourge of ransomware and other malware attacks. From now on, macros downloaded from the Internet will be completely disabled by default. While Office previously provided warning banners that could be ignored by clicking a button, the new warnings don’t provide a way to enable macros.

“We will continue to tailor our user experience for macros, as we did here, to make it harder for users to attract malicious code through social engineering, while maintaining a path for legitimate macros to be enabled when needed through Editors. Trusted and/or Trusted Locations,” Office Program Director Tristan Davies of Microsoft wrote. explaining the reason for the move.

Security professionals, some of whom have spent the past two decades watching customers and employees get infected with ransomware, cleaners and spyware with frustrating regularity, welcomed the change.

“Very poor management of the product”

Now, citing undisclosed “comments”, Microsoft has quietly changed course. In comments like this one posted Wednesday for the February announcement, multiple Microsoft employees wrote: “Based on feedback, we are removing these changes from production for the current channel. We appreciate the feedback we’ve received so far and are working to improve this experience.

The brief acknowledgment came in response to user feedback asking why the new viewpoint don’t look the same anymore. Microsoft officials did not respond to questions from forum users about what the comment was that led to the cancellation or why Microsoft had not announced it before the change was implemented.

After learning that Microsoft had lifted the lockdown, Vince Hardwick alerted the company. “Undoing a recently introduced default behavior change without at least announcing that the undo is coming is very poor product management,” the user wrote. “I appreciate your apology, but it really wasn’t necessary as this is nothing new for Microsoft.”

On social media, security experts lamented the blow. This Tweeter was the head of Google’s threat analysis group, which investigates nation-state-sponsored hacking.

“Sad decision,” Googler Shane Huntley wrote. “Blocking Office macros would do infinitely more to protect against real threats than all the threat intelligence blog posts.”

However, not all experienced defenders criticize the play. Jake Williams, a former NSA hacker who is now executive director of cyber threat intelligence at security firm SCYTHE, said the change was necessary because the previous schedule was too aggressive for such a big change.

“While it’s not the best for security, it’s exactly what many of Microsoft’s largest customers need,” Williams told Ars. “The decision to disable macros by default will affect thousands (more?) of business-critical workflows. It takes longer until sunset. “

Microsoft PR has not commented on the changes in the nearly 24 hours since they first appeared.