
I don't understand how an Excel page with macros inside is different from a random exe file from a security perspective. Does Excel have some kind of excellent sandbox implementation, so it's safe to run random macros on the work machine?


No, it's never safe to run random macros. Macros arguably used to be the biggest initial attack vector for threat actors. Maybe still are. Microsoft built a ton of mitigation around it (macros are only allowed in docs with special extensions, macros must be activated by the user, only signed macros will be activated, mark of the web, etc.).


It's not any different, just untenable. IT departments tend to block all threat vectors, with the exception of Excel macros, as even the most basic user uses macros in their day-to-day job.

A better differentiating factor would be who developed the macro. If it's built in-house by someone merely using it to make their lives easier, it's doubtful they inserted malicious code. I guess ideally IT should review the code.


Can you call OS-level functions from an Excel macro?

Can you access raw memory from it?

If the answer to either of those is no, then that’s a big difference.


You can call any native or COM function from VBA, the only real limitation is that it's strictly single-threaded(-ish).


Yes you can. VBA can make the same Win32 API calls as VB6. Something I exploited back in the tail end of the 90s.


COM/OLE. Old as hell. Macro viruses in Office/Outlook have been a shitfest since the late 90s.


You can call Windows API functions from VBA.


The "difference" is only an advantage to attackers, in that executables are typically blocked as email attachments and Office macros are not.

Here's a ransomware incident report from someone opening an Excel document with macros enabled:

https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-no...
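
Added example, not part of the thread or of any commenter's code: a mail-gateway style triage in Python that checks two of the mitigations named above, the macro-only file extensions and the mark of the web. The function names, file names and sample inputs are constructed for illustration; on Windows the mark-of-the-web text would be read from the file's `Zone.Identifier` alternate data stream.

```python
import io
import os
import zipfile

# Office Open XML extensions that are allowed to carry VBA macros.
MACRO_EXTENSIONS = {".xlsm", ".xltm", ".xlam", ".xlsb", ".docm", ".dotm", ".pptm"}

def has_vba_project(data):
    """True/False for OOXML containers; None if not a ZIP (e.g. legacy .xls)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return None

def parse_zone_id(zone_text):
    """Extract ZoneId from the text of a Zone.Identifier alternate data stream."""
    for line in (zone_text or "").splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "zoneid" and value.strip().isdigit():
            return int(value.strip())
    return None

def triage(filename, data, zone_text=None):
    """Summarise macro presence, extension mismatch and internet origin."""
    ext = os.path.splitext(filename)[1].lower()
    macros = has_vba_project(data)
    zone = parse_zone_id(zone_text)
    return {
        "has_macros": macros,
        # A VBA project inside a file whose extension claims "no macros".
        "extension_mismatch": bool(macros) and ext not in MACRO_EXTENSIONS,
        # ZoneId 3 = Internet, 4 = Restricted sites.
        "from_internet": zone is not None and zone >= 3,
    }

def constructed_workbook(with_macros):
    """Build a minimal in-memory OOXML-like ZIP (constructed sample, not real VBA)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            zf.writestr("xl/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

SAMPLE_MOTW = "[ZoneTransfer]\r\nZoneId=3\r\n"  # constructed sample

if __name__ == "__main__":
    print(triage("invoice.xlsx", constructed_workbook(True), SAMPLE_MOTW))
    print(triage("budget.xlsm", constructed_workbook(True)))
```

A `has_macros` value of `None` means the file is not a ZIP container, so legacy binary formats need a separate OLE parser before any verdict is drawn.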



