Alex <mysqlstud...@gmail.com> writes: > I'm just curious if this announcement has changed anyone's thinking > about how we should be handling docx/xlsx/etc attachments in email? > This obviously doesn't prevent someone from emailing a document with a > malicious macro, but is this going to provide sufficient protection > once a potentially malicious document is received to relax email > protections a bit? > > https://www.theverge.com/2022/2/7/22922032/microsoft-block-office-vba-macros-default-change > > Are you outright blocking these attachments? Perhaps you're only > blocking those with macros? > > Is the ExtractText plugin good enough to extract potentially malicious > links to be checked?
Can you explain your thinking on the causal link and timeline from an announcement to 99.999% of actual windows systems having updated code that behaves this way? The article says "The change will apply to Office files that are downloaded from the internet and include macros" which implies that other files - which may or may not have arrived in mail - might be treated differently. It talks about Office 365. It doesn't say anything about old, unmaintained copies of Office on XP. I don't see any reason it makes sense to to lighten up on protections.
signature.asc
Description: PGP signature
