Updated July 20, 2022:
We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation...
Updated Jul 20, 2022
Version 9.0
Blog Post
PhoebeYuan Please could you urgently confirm whether digital signatures applied to the VBA project of .xlsm files are vulnerable to the same signature spoofing attack highlighted in this article:
https://www.theregister.com/2023/06/13/office_open_xml_signatures/
It is unclear whether this vulnerability affects only the signing of the document content or if VBA signatures are also affected.
After Microsoft blocked macro enabled files with MOTW by default, we invested in a code signing certificate to reduce reluctance by our clients' IT teams to trust our financial model from a security perspective.
If VBA project signatures are rendered insecure by this vulnerability, it will have a severely detrimental impact on our business.
Thanks,
Vince