Microsoft Office for Mac users are being warned that malicious SYLK files are sneaking past endpoint defenses even when the “disable all macros without notification” setting is turned on. This leaves systems vulnerable to remote, unauthenticated attackers who can execute arbitrary code.
The warning comes from the United States Computer Emergency Readiness Team (US-CERT), which said that symbolic link (SYLK) files can contain dangerous Excel macros.
“XLM macros can be incorporated into SYLK files,” wrote CERT on Friday. “Macros in the SYLK format are problematic in that Microsoft Office does not open in Protected View to help protect users.”