A critical security flaw in Microsoft Office for Mac puts users at risk of remote attacks, researchers with Carnegie Mellon University’s CERT Coordination Center (CERT/CC) have discovered. The flaw affects various Office for Mac versions, including Office 2016 and Office 2019.
Ironically, the issue impacts users who have configured Microsoft Excel to block potential attacks exploiting XLM, an old macro format. Instead of blocking such attacks, the setting will actually enable XLM macros to run without notifying the user. Attackers can take advantage of this issue by trying to manipulate Mac users into opening malicious Microsoft Excel documents. For instance, threat actors could send out phishing emails with malicious documents attached. If a user opens a malicious document, the attacker will be able to gain access to their machine. Will Dormann of CERT/CC warns that “attackers can do anything that they want by exploiting this issue,” including installing malware and stealing private data. Microsoft has acknowledged the report and stated that it “will provide updates for impacted devices as soon as possible.”