Microsoft blocks ActiveX by default in Microsoft 365, Office 2024

Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month. Introduced almost three decades ago, in 1996, ActiveX is a legacy software framework enabling developers to create interactive objects embedded in Office documents.

After this change rolls out, ActiveX will be blocked entirely and without notification in Word, Excel, PowerPoint, and Visio to reduce the risk of malware or unauthorized code execution.

"When ActiveX is disabled, you will no longer be able to create or interact with ActiveX objects in Microsoft 365 files. Some existing ActiveX objects will still be visible as a static image, but it will not be possible to interact with them," said Zaeem Patel, a product manager on the Office Security team.

Microsoft also warned Office users in a separate support document not to open unexpected file attachments or change ActiveX settings when prompted by random pop-ups and unknown people. "For optimal security, Microsoft strongly encourages leaving ActiveX controls disabled unless absolutely necessary," Microsoft cautioned.

The decision to disable it by default was likely prompted by ActiveX's well-known security issues, including zero-day vulnerabilities that were exploited by various state-backed and financially motivated threat groups to deploy malware.

This move is also part of a much broader effort to remove or turn off Windows and Office features that attackers have abused to infect Microsoft customers with malware. It goes back to 2018, when Microsoft expanded support for its Antimalware Scan Interface (AMSI) to Office 365 client apps to thwart attacks using Office VBA macros. Since then, Redmond has also started blocking VBA Office macros by default, introduced XLM macro protection, disabled Excel 4.0 (XLM) macros, and began blocking untrusted XLL add-ins by default across Microsoft 365 tenants.

Select ActiveX Settings, then ensure "Prompt me before enabling all controls with minimal restrictions" is enabled.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 15 Apr 2025 17:00:23 +0000

