CyberSecurityBoard
Sponsor Register Login

Microsoft blocks ActiveX by default in Microsoft 365, Office 2024

Microsoft also warned Office users in a separate support document not to open unexpected file attachments or change ActiveX settings when prompted by random pop-ups and unknown people. Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month. Since then, Redmond has also started blocking VBA Office macros by default, introduced XLM macro protection, disabled Excel 4.0 (XLM) macros, and began blocking untrusted XLL add-ins by default across Microsoft 365 tenants. Introduced almost three decades ago, in 1996, ActiveX is a legacy software framework enabling developers to create interactive objects embedded in Office documents. The decision to disable it by default was likely prompted by ActiveX's well-known security issues, including zero-day vulnerabilities that were exploited by various state-backed and financially motivated threat groups to deploy malware. Some existing ActiveX objects will still be visible as a static image, but it will not be possible to interact with them," said Zaeem Patel, a product manager on the Office Security team. It goes back to 2018 when Microsoft expanded support for its Antimalware Scan Interface (AMSI) to Office 365 client apps to thwart attacks using Office VBA macros. "For optimal security, Microsoft strongly encourages leaving ActiveX controls disabled unless absolutely necessary," Microsoft cautioned. This move is also a much broader effort to remove or turn off Windows and Office features that attackers have abused to infect Microsoft customers with malware. "When ActiveX is disabled, you will no longer be able to create or interact with ActiveX objects in Microsoft 365 files. After this change rolls out, ActiveX will be blocked entirely and without notification in Word, Excel, PowerPoint, and Visio to reduce the risk of malware or unauthorized code execution. Select ActiveX Settings, then ensure "Prompt me before enabling all controls with minimal restrictions" is enabled.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 15 Apr 2025 17:00:23 +0000


Cyber News related to Microsoft blocks ActiveX by default in Microsoft 365, Office 2024

Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 - Microsoft also warned Office users in a separate support document not to open unexpected file attachments or change ActiveX settings when prompted by random pop-ups and unknown people. Microsoft announced it will begin disabling all ActiveX controls ...
6 hours ago Bleepingcomputer.com
CVE-2022-48826 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
Microsoft Office 2024 now available for Windows and macOS users - As announced earlier in September, starting in Office 2024, Microsoft will also turn off ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps, a measure likely prompted by ActiveX's well-known security issues. Last month, ...
6 months ago Bleepingcomputer.com
Microsoft 365 To Block Downloaded Excel XLL Add-Ins To Boost Security - Microsoft has recently announced that in order to help improve security, Microsoft 365 is now blocking the download of XLL add-ins for Excel on both Window PCs and Apple Macs. This new feature will be put into effect early 2021, affecting both Office ...
2 years ago Bleepingcomputer.com
Veeam adds BaaS capabilities for Veeam Backup for Microsoft 365 - Veeam Software has expanded its relationship with Microsoft. Veeam is making it easier for customers to protect Microsoft 365 with Cirrus by Veeam which brings the ease and flexibility of Backup-as-a-Service for Microsoft 365. Utilizing the power and ...
1 year ago Helpnetsecurity.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
Microsoft launches ad-supported Office apps for Windows users - Microsoft has released ad-supported versions of its Office desktop apps, which have limited features but allow Windows users to edit their documents for free. While Microsoft allows customers to use Word, Excel, PowerPoint, and other Microsoft ...
1 month ago Bleepingcomputer.com
Microsoft deprecates Defender Application Guard for Office - Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an ...
1 year ago Bleepingcomputer.com
Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
1 year ago Bleepingcomputer.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Microsoft: Licensing issue blocks Microsoft 365 Family for some users - Microsoft is investigating a potential licensing issue blocking access to Microsoft 365 services for some customers with Family subscriptions. After a massive wave of user reports on social media and the company's community website, Microsoft ...
5 days ago Bleepingcomputer.com
​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 - With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft Defender for ...
1 year ago Techcommunity.microsoft.com
$25M gone in 12 seconds! Brothers accused of Ethereum heist The Register - These transactions are grouped onto blocks that are chained together, hence the name. As the name suggests, validator bots attest that proposed blocks of Ethereum transactions are valid and send those blocks to a committee of fellow validators to ...
10 months ago Go.theregister.com
Microsoft Services Down: Xbox, Azure, Teams, Office 365 Experiencing Technical Difficulties - Microsoft services including Xbox, Azure and Office 365 are reportedly down. Several Microsoft users have started to complain about technical difficulties online. Many of them have mentioned that they can no longer sign in to Xbox and other Microsoft ...
2 years ago Hackread.com
Checking Microsoft Office for Outdated Versions While Maintaining Privacy - Microsoft has released an update, KB5021751, which is designed to identify the number of customers running Office versions that are outdated or close to their end of support. This update is only installed on systems where Office 2013, Office 2010, or ...
2 years ago Bleepingcomputer.com
Government Quash All Post Office Horizon Convictions - It comes after the government in July 2021 had promised to compensate those postmasters who had their Horizon-related convictions overturned. The Government said this week it has committed to making sure these convictions are overturned by the end of ...
1 year ago Silicon.co.uk
Microsoft links recent Microsoft 365 outage to buggy update - While Microsoft resolved the Microsoft 365 authentication problems over the weekend, another advisory published on the admin center states that Exchange Online users still have issues accessing their calendar entries and email messages using the iOS ...
1 month ago Bleepingcomputer.com
Microsoft announces Office LTSC 2024 preview starting next month - Microsoft announced that Office LTSC 2024, the next Office LTSC release, will enter a commercial preview phase starting next month and will be generally available later this year. This forthcoming Office LTSC release will have fewer features than the ...
1 year ago Bleepingcomputer.com
Microsoft: New Windows scheduled task will launch Office apps faster - "We are introducing a new Startup Boost task from the Microsoft Office installer to optimize performance and load-time of experiences within Office applications," Microsoft says on the Microsoft 365 message center. However, Microsoft says this ...
2 weeks ago Bleepingcomputer.com
Microsoft 365 Family Subscriptions Users Hit by Licensing Glitch Denies Services - The issue appears to be isolated to users with Microsoft 365 Family subscriptions, affecting their ability to access services like Word, Excel, PowerPoint, and OneDrive. Microsoft 365 Family subscribers are currently facing disruptions in accessing ...
5 days ago Cybersecuritynews.com
Microsoft: Outlook email sending issues for users with lots of folders - Microsoft has acknowledged a new issue affecting Outlook for Microsoft 365 users and causing email-sending problems for those with too many nested folders. According to Redmond, this is likely related to an older issue concerning mailboxes with more ...
1 year ago Bleepingcomputer.com
CVE-2018-0922 - Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word ...
4 years ago
Microsoft 365 Outage - Admins are Unable to Access the Microsoft 365 Admin Center - We’re routing traffic to alternate infrastructure as a potential mitigation,” Microsoft stated in the update, directing users to for more details or to follow incident ID MO1056087 if the Admin Center is accessible. We're investigating an ...
3 hours ago Cybersecuritynews.com
Microsoft warns of CPU spikes when typing in classic Outlook - In recent months, the company also addressed a slew of other Microsoft 365 and Office issues, including a widespread licensing issue blocking access to Microsoft 365 services for some customers with Family subscriptions and a bug triggering Outlook ...
9 hours ago Bleepingcomputer.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
1 year ago Bleepingcomputer.com APT29

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)