You can solve the vulnerability by making the setting "Disable all macros without notification". This must be done separately for Word and Excel.
The default setting "Disable all macros with notification" is not sufficient in this case, as potentially dangerous macros could be activated with one click in the notification.
