• As someone who never did anything dodgy with a computer in my time. It's cos Microsoft files opened not in Protected View can embed and execute macros. These macros are essentially remote code execution. Mostly not used anymore (defaults to disabled macros) but plenty of large orgs still have macros enabled cos legacy bullshit.

    U can do similar with some font formats, screensavers, and a multitude of unexpected things that most people think are completely safe. That’s how linustechtips was got: RCE through a screensaver disguised as a PDF that installed a RAT and token stealer that stole live YouTube session tokens. U can also use the victim device as an exit for routing traffic as a reverse proxy so tokens appear to be coming from the same device to avoid triggering security warnings.

    TL;DR don’t enable it for random files from dubious sources and check the file extensions else u will get hacked.
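
An added example, not part of the comment above: a Python sketch of the "check the file extensions" advice, plus a check for an embedded macro project in zip-based Office files. The extension lists, helper names and sample inputs are assumptions constructed for illustration.

```python
import io
import unicodedata
import zipfile

# Assumed lists for illustration; extend them to match local policy.
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "bat", "cmd", "js", "vbs", "lnk", "hta"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
RTL_OVERRIDE = "\u202e"  # reverses display order of the characters that follow it


def filename_findings(name):
    """Return reasons a file name looks like an executable posing as a document."""
    findings = []
    if RTL_OVERRIDE in name:
        findings.append("right-to-left override character in name")
    # Drop invisible format characters, then the trailing dots/spaces Windows ignores.
    clean = "".join(c for c in name if unicodedata.category(c) != "Cf").rstrip(". ")
    parts = [p.strip().lower() for p in clean.split(".")]
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        findings.append(f"executable extension .{parts[-1]}")
        if any(p in DECOY_EXTS for p in parts[1:-1]):
            findings.append("document extension used as decoy before the real one")
    return findings


def has_vba_project(data):
    """True if the bytes are a zip-based Office file carrying a VBA macro project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False  # legacy OLE2 .doc/.xls files are out of scope for this sketch
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())


def constructed_office_zip(with_macro):
    """Build a tiny constructed zip standing in for an Office file (not a valid document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for sample in ["Q3-report.pdf.scr", "invoice\u202efdp.scr", "notes.pdf"]:
        print(repr(sample), filename_findings(sample))
    print("macro project:", has_vba_project(constructed_office_zip(True)))
    print("macro project:", has_vba_project(constructed_office_zip(False)))
```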