Source: BleepingComputer
Author: Sergiu Gatlan
URL: https://www.bleepingcomputer.com/news/microsoft/microsoft-blocks-activex-by-default-in-microsoft-365-office-2024/

ONE SENTENCE SUMMARY: Microsoft is disabling ActiveX controls in Office 2024 applications to enhance security against malware and unauthorized code execution risks.

MAIN POINTS:

- Microsoft will disable ActiveX controls in Office 2024 apps later this month.
- ActiveX, introduced in 1996, enabled interactive embedded objects in Office documents.
- Word, Excel, PowerPoint, and Visio will block ActiveX entirely without notification.
- A “BLOCKED CONTENT” notification will appear upon opening documents with ActiveX controls.
- Microsoft advises users against opening unexpected attachments or changing ActiveX settings unnecessarily.
- Existing ActiveX objects will remain visible but non-interactive, appearing as static images.
- Users can manually enable ActiveX via Trust Center settings, affecting all Office apps simultaneously.
- ActiveX controls have historically been exploited through zero-day vulnerabilities and used for malware infections.
- Cybercriminals have previously used ActiveX in Word documents to deploy TrickBot malware and Cobalt Strike.
- Disabling ActiveX aligns with Microsoft’s broader strategy to disable legacy Office features prone to exploitation.

TAKEAWAYS:

- Keep ActiveX controls disabled for optimal security unless absolutely necessary.
- Be cautious and avoid enabling ActiveX when prompted by unknown pop-ups or suspicious attachments.
- Consider the security benefits of Microsoft’s ongoing removal of exploit-prone legacy Office features.
- Understand that enabling ActiveX via Trust Center settings impacts all Office applications.
- Recognize Microsoft’s proactive steps in mitigating malware threats by disabling risky legacy features.