Skip to content

Joomfish System Plugin not enabled Home Publications Microsoft Office365/ProPlus Auto Macro Code Execution/Protection Bypass
Microsoft Office365/ProPlus Auto Macro Code Execution/Protection Bypass
Friday, 23 August 2019 14:17

Multiple Microsoft Office Products suffer from an inappropriate default configuration that allows auto-execution of Macros. Standard users can download macro-enabled Access, Excel, PowerPoint, Word documents and bypass built-in protections without user consent, when these documents are located in specific trusted directories/locations on the host machine. It's recommended to disable 'Trusted Locations' in future Office editions. This is because users often do not use the default trusted locations, potentially leaving average users vulnerable to such attacks when there is no need.

 
[YOUR IP: 3.227.233.78: 52028] ...   [YOUR BROWSER: CCBot/2.0 (https://commoncrawl.org/faq/)] ...