Microsoft has announced several steps they are taking to improve the default security of Office document and Windows systems by protecting them against malicious macros and LOL-bins attacks.
Microsoft Office to block macros for all Internet documents
Microsoft is changing the default behaviour of Office applications that can contain VBA macros. Currently when a user attempts to open a document containing a macro, a yellow warning bar is displayed with a security warning advising that macros have been disabled, adjacent to a large Enable Content button which many users simply click on auto pilot and invite malware into their systems.
Starting in April 2022, this behaviour will change and documents that have been downloaded from the internet will display a red Security Risk banner warning that macros have been block and, crucially, while there is a ‘Learn More’ button there is no easy way for the user to enable the macros.
You can also turn on this behaviour now with a policy change in Microsoft 365.
WMIC to be removed from Windows systems
The command line interface for Windows Management Instrumentation (wmic) is being removed from Windows computers starting with Windows 10, version 21H1, and as of the 21H1 semi-annual channel release of Windows Server.
WMIC is being superseded by a more secure PowerShell interface (the WMI subsystem is not going anywhere – it is just the WMIC command line tool that is being retired)
WMIC is included in Microsoft’s list of Windows features they are no longer developing.