After Workplace 2024 launches in October, Microsoft will disable ActiveX controls by default in Phrase, Excel, PowerPoint, and Visio consumer apps.
ActiveX is a legacy software program framework launched in 1996 that allows builders to create interactive objects that may be embedded in Workplace paperwork. Redmond will begin by turning off ActiveX controls in paperwork opened in Win32 Workplace desktop apps in October 2024, a change that may even roll out to Microsoft 365 apps in April 2025.
“Beginning in new Workplace 2024, the default configuration setting for ActiveX objects will change from Immediate me earlier than enabling all controls with minimal restrictions to Disable all controls with out notification,” the corporate stated in a brand new Microsoft 365 message heart entry.
“Customers will not be capable of create or work together with ActiveX objects in Workplace paperwork when this transformation is carried out.”
Whereas some current ActiveX objects will proceed to seem as static photos in Workplace paperwork, customers will not be capable of work together with them.
Nonetheless, in non-commercial variations of Workplace, they are going to obtain notifications stating, “The brand new default setting is equal to the present DisableAllActiveX group coverage setting” when ActiveX objects are blocked underneath the brand new default configuration.
As soon as the change is carried out, customers who have to allow ActiveX controls in Workplace paperwork can revert to the earlier default settings by utilizing one of many following strategies:
- Within the Belief Middle Settings dialog, underneath ActiveX Settings, choose the ‘Immediate me earlier than enabling all controls with minimal restrictions’ choice.
- Within the registry, set HKEY_CURRENT_USERSoftwareMicrosoftOfficeCommonSecurityDisableAllActiveX to 0 (REG_DWORD).
- Set the ‘Disable All ActiveX’ group coverage setting to 0.
This modification was possible prompted by ActiveX’s well-known safety points, similar to zero-day vulnerabilities exploited by Andariel North Korean hackers to deploy information-stealing malware.
Attackers have additionally used ActiveX controls embedded in Phrase paperwork to set up TrickBot malware and Cobalt Strike beacons to infiltrate enterprise networks,
The transfer is a part of a broader effort to take away or flip off Workplace and Home windows options that menace actors have abused to contaminate Microsoft clients with malware. It dates again to 2018 when Microsoft expanded assist for its Antimalware Scan Interface (AMSI) to Workplace 365 consumer apps to thwart assaults that used Workplace VBA macros.
Since then, Redmond has additionally disabled Excel 4.0 (XLM) macros, began blocking VBA Workplace macros by default, launched XLM macro safety, and commenced blocking untrusted XLL add-ins by default throughout Microsoft 365 tenants worldwide.
It additionally introduced in Could that it’s going to kill off VBScript within the second half of 2024 by making it an on-demand function till it is fully eliminated.