After Workplace 2024 launches in October, Microsoft will disable ActiveX controls by default in Phrase, Excel, PowerPoint, and Visio consumer apps.
ActiveX is a legacy software program framework launched in 1996 that allows builders to create interactive objects that may be embedded in Workplace paperwork. Redmond will begin by turning off ActiveX controls in paperwork opened in Win32 Workplace desktop apps in October 2024, a change that can even roll out to Microsoft 365 apps in April 2025.
“Starting in new Office 2024, the default configuration setting for ActiveX objects will change from Prompt me before enabling all controls with minimal restrictions to Disable all controls without notification,” the corporate mentioned in a brand new Microsoft 365 message heart entry.
“Users will no longer be able to create or interact with ActiveX objects in Office documents when this change is implemented.”
Whereas some present ActiveX objects will proceed to seem as static pictures in Workplace paperwork, customers will not be capable to work together with them.
Nonetheless, in non-commercial variations of Workplace, they’ll obtain notifications stating, “The new default setting is equivalent to the existing DisableAllActiveX group policy setting” when ActiveX objects are blocked underneath the brand new default configuration.
As soon as the change is carried out, customers who must allow ActiveX controls in Workplace paperwork can revert to the earlier default settings by utilizing one of many following strategies:
- Within the Belief Heart Settings dialog, underneath ActiveX Settings, choose the ‘Immediate me earlier than enabling all controls with minimal restrictions’ choice.
- Within the registry, set HKEY_CURRENT_USERSoftwareMicrosoftOfficeCommonSecurityDisableAllActiveX to 0 (REG_DWORD).
- Set the ‘Disable All ActiveX’ group coverage setting to 0.
This alteration was probably prompted by ActiveX’s well-known safety points, akin to zero-day vulnerabilities exploited by Andariel North Korean hackers to deploy information-stealing malware.
Attackers have additionally used ActiveX controls embedded in Phrase paperwork to set up TrickBot malware and Cobalt Strike beacons to infiltrate enterprise networks,
The transfer is a part of a broader effort to take away or flip off Workplace and Home windows options that menace actors have abused to contaminate Microsoft clients with malware. It dates again to 2018 when Microsoft expanded assist for its Antimalware Scan Interface (AMSI) to Workplace 365 consumer apps to thwart assaults that used Workplace VBA macros.
Since then, Redmond has additionally disabled Excel 4.0 (XLM) macros, began blocking VBA Workplace macros by default, launched XLM macro safety, and commenced blocking untrusted XLL add-ins by default throughout Microsoft 365 tenants worldwide.
It additionally introduced in Might that it’s going to kill off VBScript within the second half of 2024 by making it an on-demand characteristic till it is utterly eliminated.
