Following the rollout of Microsoft’s new policy, we’ve seen attacks using archive and disk image files – including the usual suspects (ZIP and RAR), but also more obscure formats like ARJ, ACE, LZH, VHD, and XZ – accompanying a decrease in detections of popular Office formats.Īrchives can make it harder for detection products to inspect and flag malicious content – even more so with less-popular formats, as they tend to be less well-understood. XLM4 macros were also disabled by default in Microsoft 365 as of February 2022.īut threat actors have always evolved in response to security developments, and this looks like it will be no exception. So Microsoft’s announcement in February 2022 that macros in documents originating from the internet would be blocked by default came as welcome news (despite a brief rollback in July). Malicious macros in Office documents have long been a favorite tactic of threat actors.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |