Source: BleepingComputer
Author: Sergiu Gatlan
URL: https://www.bleepingcomputer.com/news/microsoft/microsoft-blocks-activex-by-default-in-microsoft-365-office-2024/
ONE SENTENCE SUMMARY:
Microsoft is disabling ActiveX controls in Office 2024 applications to enhance security against malware and unauthorized code execution risks.
MAIN POINTS:
- Microsoft will disable ActiveX controls in Office 2024 apps later this month.
- ActiveX, introduced in 1996, enabled interactive embedded objects in Office documents.
- Word, Excel, PowerPoint, and Visio will block ActiveX entirely without notification.
- A “BLOCKED CONTENT” notification will appear upon opening documents with ActiveX controls.
- Microsoft advises users against opening unexpected attachments or changing ActiveX settings unnecessarily.
- Existing ActiveX objects will remain visible but non-interactive, appearing as static images.
- Users can manually enable ActiveX via Trust Center settings, affecting all Office apps simultaneously.
- ActiveX controls have historically been exploited for zero-day vulnerabilities and malware infections.
- Cybercriminals have previously used ActiveX in Word documents to deploy TrickBot malware and Cobalt Strike.
- Disabling ActiveX aligns with Microsoft’s broader strategy to disable legacy Office features prone to exploitation.
TAKEAWAYS:
- Keep ActiveX controls disabled for optimal security unless absolutely necessary.
- Be cautious and avoid enabling ActiveX prompted by unknown pop-ups or suspicious attachments.
- Consider the security benefits of Microsoft’s ongoing removal of legacy Office vulnerabilities.
- Understand that enabling ActiveX via Trust Center settings impacts all Office applications.
- Recognize Microsoft’s proactive steps in mitigating malware threats by disabling risky legacy features.
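
Because existing ActiveX objects stay in documents but stop being interactive, it helps to know which files actually embed controls before deciding whether anyone needs the Trust Center setting changed. The script below is an added example, not code from the article or from Microsoft; it assumes OOXML files (.docx, .xlsx, .pptx), relies on the `application/vnd.ms-office.activeX+xml` content type those packages declare for control parts, and runs on a constructed sample package.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Content type that OOXML packages declare for embedded ActiveX control parts.
ACTIVEX_CT = "application/vnd.ms-office.activeX+xml"
NS = "http://schemas.openxmlformats.org/package/2006/content-types"
MAX_CT_SIZE = 1 << 20  # refuse oversized manifests from untrusted files


def find_activex_parts(data: bytes) -> list[str]:
    """Return the package parts of an OOXML file declared as ActiveX controls."""
    try:
        pkg = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a ZIP container (legacy binary or encrypted file)
    with pkg:
        try:
            info = pkg.getinfo("[Content_Types].xml")
        except KeyError:
            return []  # a ZIP archive, but not an OOXML package
        if info.file_size > MAX_CT_SIZE:
            raise ValueError("content-types manifest too large")
        raw = pkg.read(info)
        if b"<!DOCTYPE" in raw:  # OOXML forbids DTDs; avoid entity expansion
            raise ValueError("DTD in content-types manifest")
        root = ET.fromstring(raw)
        return sorted(
            el.get("PartName", "").lstrip("/")
            for el in root.iter("{" + NS + "}Override")
            if el.get("ContentType") == ACTIVEX_CT
        )


def build_sample(with_activex: bool) -> bytes:
    """Constructed minimal package for the demo, not a real Office document."""
    rows = ['<Default Extension="xml" ContentType="application/xml"/>']
    if with_activex:
        rows.append(f'<Override PartName="/word/activeX/activeX1.xml" ContentType="{ACTIVEX_CT}"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", f'<Types xmlns="{NS}">{"".join(rows)}</Types>')
        if with_activex:
            z.writestr("word/activeX/activeX1.xml", "<ocx/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(find_activex_parts(build_sample(True)))
```

An empty result means no ActiveX parts were declared in the package; legacy binary formats (.doc, .xls, .ppt) are not ZIP containers and are outside what this check covers.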