by FreakLegion 1594 days ago
> around ~350 are _remote_ execution exploits with their own CVE ID, meaning another VBA API or programming paradigm was affected and downloaded and executed code remotely without the user noticing

Exploits and macros are orthogonal. Macros don't require exploits to run, and I've never seen an exploit bother running a macro. It already owns the process at that point. It can do anything it wants.

> The reason why Microsoft took so long to deprecate these VBA APIs

Microsoft isn't deprecating anything, just disabling macros for files with ZoneId=3. This won't be a particularly effective change in the near term given the practical realities of how people work*, but it's long overdue.

* Roughly what will happen at mid-sized+ companies: 1) New feature is enabled. 2) New feature breaks a bunch of existing workflows. 3) IT is flooded with tickets. 4) New feature is disabled with plans to redeploy with exceptions for finance and other teams whose workflows were broken. 5) Everyone gets busy with other projects and new feature is never revisited.
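
The ZoneId=3 condition mentioned in the comment above is the Mark of the Web, which Windows stores in a file's `Zone.Identifier` NTFS alternate data stream. As an added example (not part of the original comment), this Python code parses that stream and lists the macro-capable files that would fall under the block, which is one way to find affected workflows before a rollout. The extension list, the sample files and all function names are assumptions made for the example.

```python
import configparser
import os

# Extensions that can carry VBA macros (assumed list for this example).
MACRO_EXTS = {".doc", ".docm", ".dotm", ".xls", ".xlsm", ".xlsb", ".xltm", ".ppt", ".pptm"}
INTERNET_ZONE = 3  # the ZoneId the comment says triggers the block

# Constructed samples: (filename, Zone.Identifier stream text, or None when no stream exists).
SAMPLES = [
    ("q3_forecast.xlsm", "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/q3.xlsm\r\n"),
    ("payroll.xlsm", None),                                  # created locally, no mark
    ("intranet_report.docm", "[ZoneTransfer]\r\nZoneId=1\r\n"),
    ("notes.txt", "[ZoneTransfer]\r\nZoneId=3\r\n"),         # marked, but cannot hold macros
    ("broken.xls", "ZoneId=3\r\n"),                          # malformed: no section header
]


def read_motw(path):
    """Read the Zone.Identifier alternate data stream (NTFS only); None if absent."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def parse_zone_id(stream_text):
    """Return the integer ZoneId from stream text, or None if missing or malformed."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        return int(parser["ZoneTransfer"]["ZoneId"].strip())
    except (configparser.Error, KeyError, ValueError):
        return None  # this example treats an unparseable stream as unmarked


def macros_blocked(filename, stream_text):
    """True when the file can hold macros and carries ZoneId=3."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in MACRO_EXTS or stream_text is None:
        return False
    return parse_zone_id(stream_text) == INTERNET_ZONE


def audit(files):
    """Return the names from (filename, stream_text) pairs that would be blocked."""
    return [name for name, text in files if macros_blocked(name, text)]
```

On a Windows host, pairing each path in a shared folder with `read_motw(path)` and passing the pairs to `audit` gives the list of files whose macros would stop running.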