For this exact reason docx macros are disabled by default and you have to do some enabling. Presumably there are also more sophisticated exploits that don't rely on the user dismissing multiple security warnings.
These viruses show a blank docx file in macro-disabled mode with only one image, which says "Enable macros to view secure invoice" and shows a picture guide on how to enable macros. Some of them have better instructions than the user guides I write for my users.
Still, some user intervention is required. Assuming you found a vulnerability in Office, it'd be preferable to have a vector where the user just had to open the file.
