by dementiapatent
1328 days ago
>Do run it using a user that has no access to write/delete files and you'll see that the most malicious macro is benign. It could retrieve work from a server to start long running processes that mine cryptocurrency. And scan every IP/port on your local network and use metasploit to send matching exploits to everything it sees. And then hijack a local process running under a different user with disk write permissions. I would like to see macros restricted similar to Javascript in the browser. You can still run code and manipulate local data, but you don't get any direct access to the host OS. No disk access, no registry access, no way to create a process, only able to calculate things and change the document itself. And there must be no checkbox to disable these protections.
1 - For network privileges, you can restrict the user to a strict network location and nothing else.
2 - For scanning, it also needs privileges that can be restricted using policies.
3 - It can't send anything if it doesn't have the correct privileges.
Who's stopping you from creating your own version of VBA, releasing it and replacing the Microsoft Office suite with your own defined version, as you said? And in the process of doing this, you'll become a billionaire too.
Until then, a correctly configured Windows system is immune to all of the above.