Malicious Macro-Enabled Docs Delivered via Container Files to Bypass Microsoft Protections


Initially announced in February, Microsoft's macro-blocking feature is meant to prevent phishing attacks by making it more difficult for users to enable macros in documents received from the internet.

Small snippets of code embedded in Office documents, macros have long been abused by threat actors in phishing attacks and for malware delivery.

In 2016, Microsoft disabled the automated execution of macros in Office documents received from the internet, but it has allowed users to enable them with a single click.