The CERT Coordination Center (CERT/CC) has warned Mac users of Microsoft Office about XLM macros embedded in SYLK files.
XLM macros can be incorporated into SYLK files
This means that symbolic link (SYLK) files can carry dangerous XLM macros, the legacy Excel 4.0 macro format. Office 2011 for Mac, Office 2016 and Office 2019 for Mac fail to properly prompt the user before executing XLM macros in SYLK files. Researchers stated that even if the “Disable all macros without notification” feature is active, malicious SYLK files may still be used to bypass endpoint defenses.
According to CERT/CC, if Office for the Mac has been configured to use the “Disable all macros without notification” feature, XLM macros in SYLK files are executed without prompting the user. CERT/CC says it has confirmed this behavior with fully patched Office 2016 and Office 2019 for Mac systems.
“Disable all macros with notification” is more secure
This means that when the “Disable all macros without notification” feature is enabled, an unauthenticated attacker can execute arbitrary code with the privileges of the user running Excel. In other words, users may be a single click away from arbitrary code execution via a document that originated from the internet.
Although CERT/CC does not have a practical solution to this problem, it gives Mac users some suggestions. First, SYLK files can be blocked at email and web gateways to help prevent exploitation of this vulnerability. Second, “Disable all macros with notification” is a more secure setting on Mac systems.
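As an added illustration of the first suggestion (this code is not from CERT/CC or Microsoft), the sketch below shows how a mail gateway filter could flag SYLK attachments both by the .slk extension and by the "ID;P" record that opens a SYLK file. The function names, addresses and sample message are constructed for the example.

```python
import email
import email.policy
from email.message import EmailMessage

SYLK_MAGIC = b"ID;P"   # a SYLK file opens with an ID record
SYLK_EXT = ".slk"      # usual SYLK file extension

def sylk_attachments(raw_message: bytes) -> list[str]:
    """Return names of message parts that are SYLK by extension or content."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""  # undo base64/QP encoding
        if name.lower().endswith(SYLK_EXT) or data.startswith(SYLK_MAGIC):
            hits.append(name or "<unnamed part>")
    return hits

def build_sample() -> bytes:
    """Constructed test message: one benign part and two SYLK parts."""
    sylk = b'ID;PWXL;N;E\r\nC;Y1;X1;K"hello"\r\nE\r\n'  # constructed, no macros
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Q3 figures"
    msg.set_content("See attached.")
    for name, body in [("notes.txt", b"IDs are listed below\n"),
                       ("data.slk", sylk),
                       ("figures.csv", sylk)]:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in sylk_attachments(build_sample()):
        print("block:", name)
```

Matching on content as well as on the file name means the rule does not depend on the attachment being labelled as SYLK.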