The MotW also makes sure that Office documents that are marked with the MotW will be opened in Protected View, which automatically enables read-only mode and means that all macros will be disabled until the user allows them.<\/p>\n For years, attackers were able to bypass the MotW by putting their malicious files in archives. This worked because the MotW is in fact another file that is attached to the main file as an Alternate Data Stream (ADS)<\/a>, and over the years we have seen many vulnerabilities in archivers where the ADS didn’t pass on the individual files when the archive was decompressed.<\/p>\n The same is true this time. Only the attacker will have to prepare an especially crafted nested archive. A nested archive means there is an open archive inside another open archive. Exploitation of the vulnerability also requires user interaction, meaning the target will have to visit a malicious page or open a malicious file.<\/p>\n If you’re a Windows user, check whether you are using version 7-Zip 24.09<\/a> or later. If you’re not, then they’ll need to update.<\/p>\n 7-Zip does not have an auto-update function, so you will have to download the version that is suitable for your system from the 7-Zip downloads page<\/a>.<\/p>\n There are some general safety tips to keep in mind when you\u2019re handling archived files on a regular basis:<\/p>\n We don\u2019t just report on threats\u2014we remove them<\/strong><\/p>\n Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today<\/a>.<\/p>\n![\"Security](\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2022\/02\/Unblock_VBA_macros.png?w=379\")
Other security measures<\/h2>\n
\n
![\"Malwarebytes](\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2025\/01\/scan-archives.png\")
\n
\n