Because Microsoft has disabled Office macros in documents downloaded from the Internet, attackers have shifted to other vectors, including JavaScript, MSI files, LNK objects, and ISOs.
Some sophisticated attackers are now using other undisclosed methods to go unnoticed.
https://cybersecuritynews.com/windows-xss-flaw/