The Foundation sees this as a contradiction to the EU’s own interoperability goals. Although XLSX is standardized as OOXML according to ISO/IEC 29500, Microsoft’s implementations often deviate from the specifications. Furthermore, features often change undocumented, which complicates compatibility with open-source software such as LibreOffice.
Usually the common vulnerability is a combination of Outlook and Active Directory. Outlook will happily execute whatever users click upon and AD lets them steal their credentials, to simplify things.