[spinsser]

It is a feature [0]. Microsoft office products allow for "macros" which are Visual Basic code embedded within a document or a worksheet that can be used by developers to add extra functionalities to their MS files (e.g. validate all data in a work sheet after a user clicks a specific button in the worksheet).

Just like any programming language, it could be used maliciously, and there is no easy way to distinguish which macro-enabled file is safe and which isn't (without going through the code yourself prior to enabling the functionality)

[0] https://support.office.com/en-us/article/Enable-or-disable-m...

[emodendroket]

For this exact reason docx macros are disabled by default and you have to do some enabling. Presumably there are also more sophisticated exploits that don't rely on the user dismissing multiple security warnings.

[chime]

These viruses show a blank docx file in macro-disabled mode with only one image, which says "Enable macros to view secure invoice" and shows a picture guide on how to enable macros. Some of them have better instructions than the user guides I write for my users.

[emodendroket]

Still, some user intervention is required. Assuming you found a vulnerability in Office, it'd be preferable to have a vector where the user just had to open the file.