It’s very common for organisations to only give expensive MS Office licenses to a subset of employees while the rest rely on O365 or Google Docs.

Then you have people on Linux or macOS who might also use LibreOffice, Apples Office suite, or something else entirely.

And given MS Office is the de facto standard, you’ll often see people open OOXML documents within non-MS office suites.

After all, OOXML is an open standard (sarcasm).

ODF (the document formats favoured by most other office suites) is also ZIP-based XML. So they too could be vulnerable.