SentinelOne News: Malware Embedded in Microsoft Office Documents | DDE Exploit (MACROLESS)
Hiding malicious code within a macro is a malware technique well-known among attackers and defenders, and even end-users have heard the message that they need to take care when opening documents from unknown sources that contain macros. Many enterprises implement a blocking policy for macros or strip VBA code found in email attachments. What is less known, however, is that attackers can embed code without the need to use a macro. In such cases, a malicious document would be able to bypass traditional defenses.
https://www.sentinelone.com/blog/malware-embedded-microsoft-office-documents-dde-exploit-macroless/