After Workplace 2024 launches in October, Microsoft will disable ActiveX controls by default in Phrase, Excel, PowerPoint, and Visio shopper apps.
ActiveX is a legacy software program framework launched in 1996 that allows builders to create interactive objects that may be embedded in Workplace paperwork. Redmond will begin by turning off ActiveX controls in paperwork opened in Win32 Workplace desktop apps in October 2024, a change that will even roll out to Microsoft 365 apps in April 2025.
“Beginning in new Workplace 2024, the default configuration setting for ActiveX objects will change from Immediate me earlier than enabling all controls with minimal restrictions to Disable all controls with out notification,” the corporate stated in a brand new Microsoft 365 message middle entry.
“Customers will now not be capable to create or work together with ActiveX objects in Workplace paperwork when this alteration is carried out.”
Whereas some current ActiveX objects will proceed to seem as static photographs in Workplace paperwork, customers will now not be capable to work together with them.
Nonetheless, in non-commercial variations of Workplace, they’ll obtain notifications stating, “The brand new default setting is equal to the present DisableAllActiveX group coverage setting” when ActiveX objects are blocked below the brand new default configuration.
As soon as the change is carried out, customers who have to allow ActiveX controls in Workplace paperwork can revert to the earlier default settings by utilizing one of many following strategies:
- Within the Belief Heart Settings dialog, below ActiveX Settings, choose the ‘Immediate me earlier than enabling all controls with minimal restrictions’ choice.
- Within the registry, set HKEY_CURRENT_USERSoftwareMicrosoftOfficeCommonSecurityDisableAllActiveX to 0 (REG_DWORD).
- Set the ‘Disable All ActiveX’ group coverage setting to 0.
This alteration was probably prompted by ActiveX’s well-known safety points, resembling zero-day vulnerabilities exploited by Andariel North Korean hackers to deploy information-stealing malware.
Attackers have additionally used ActiveX controls embedded in Phrase paperwork to set up TrickBot malware and Cobalt Strike beacons to infiltrate enterprise networks,
The transfer is a part of a broader effort to take away or flip off Workplace and Home windows options that risk actors have abused to contaminate Microsoft clients with malware. It dates again to 2018 when Microsoft expanded help for its Antimalware Scan Interface (AMSI) to Workplace 365 shopper apps to thwart assaults that used Workplace VBA macros.
Since then, Redmond has additionally disabled Excel 4.0 (XLM) macros, began blocking VBA Workplace macros by default, launched XLM macro safety, and commenced blocking untrusted XLL add-ins by default throughout Microsoft 365 tenants worldwide.
It additionally introduced in Might that it’ll kill off VBScript within the second half of 2024 by making it an on-demand function till it is utterly eliminated.