Viewing a single comment thread. View all comments

OffgridRadio t1_ita4gvk wrote

Reply to comment by [deleted] in 'Fully undetectable' Windows backdoor gets detected by Loki-L

Yes but this particular exploit and related exploits for office/outlook are literally now in every corporate end-user IT security training. It is literally a ubiquitous problem.

In 25 years in IT I have never seen a legitimate use for a user-level command script launched from a word document.

1

designer-pad t1_ita5qwh wrote

I see your point. I’d challenge Microsoft to show a legitimate use case or scrap that feature. Their must be something there. Maybe they are leaving the door open for some business automation? (No shit, right?) It seams to me that some of Microsoft’s ideas include looking at applications already out there and thinking of ways to allow their products to do the same thing. So Enterprise Microsoft Customers can automate processes in a way that lets them avoid licensing other software. Usually its probably more a pain in the ass and takes a lot of time to find a way to automate everything using Microsoft Office, but if the stars align (Engineers with some down time, and the end project wont be frustrating) it could be worth it to keep the option open.

Have you heard of many stories of this being exploited in the wild? Why not just disable Macros with Group Policy?

1

OffgridRadio t1_ita6dzz wrote

Well as you said Macros are legit useful, I built a career on a foundation of automating dull work. Don't need to remove them entirely just don't need to expose operating system level commands to it!

1

FascistFeet t1_itcub7m wrote

Do you automate for one company or many?

2

OffgridRadio t1_itcuia5 wrote

Right now one. Our CEO has gone mad? and is crying about how we have to be in an office. I already moved lol. So maybe soon, many!

The contract side of what I do makes 10x as much. My boss and I talk about it a lot. We like our jobs and want to stay but we aren't afraid of the company getting weird.

1