Microsoft will begin disabling all ActiveX controls by default in the Windows versions of Microsoft 365 and Office 2024, its productivity and collaboration suite, at the end of this month.
Introduced almost three decades ago, in 1996, ActiveX is a legacy software framework that allows developers to create interactive objects embedded in Office documents. Its weakness has been its numerous security problems.
Once the changes announced by Microsoft take effect, ActiveX will be blocked completely and without notification in Word, Excel, PowerPoint and Visio to reduce the risk of malware or unauthorized code execution. When opening documents with ActiveX controls, a notification will appear at the top with a “more information” button that will say: “Blocked content: ActiveX content in this file is blocked”.
Microsoft also warned Office users in a separate support document not to open unexpected attachments or change the ActiveX settings when random pop-up windows or unknown people ask them to.
“When ActiveX is disabled, you can no longer create or interact with ActiveX objects in Microsoft 365 files. Some existing ActiveX objects will remain visible as a static image, but it will not be possible to interact with them,” explains Zaeem Patel, product manager on the Office Security Team.
For optimal security, Microsoft strongly recommends leaving ActiveX controls disabled “unless it is absolutely necessary,” they insist, and this can be done through the Trust Center.
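Before the default changes, administrators may want to know which existing files contain ActiveX controls and will therefore show the blocked-content notice. The following Python script is an added example, not code from Microsoft or from this article: it assumes OOXML files (docx, xlsx, pptx, vsdx) store ActiveX controls as parts under an `activeX/` folder declared with the `application/vnd.ms-office.activeX+xml` content type, and the function names and the sample package are constructed for the demonstration.

```python
import io
import re
import zipfile

# Content type that OOXML packages declare for embedded ActiveX control parts.
ACTIVEX_CT = b"application/vnd.ms-office.activex+xml"
OVERRIDE_RE = re.compile(rb"<Override\b[^>]*>", re.I)
PARTNAME_RE = re.compile(rb'PartName\s*=\s*"([^"]*)"', re.I)
MAX_CT_SIZE = 1_000_000  # refuse oversized manifests (zip-bomb guard)


def find_activex_parts(data: bytes) -> list[str]:
    """Return ActiveX part names found in an OOXML file (docx/xlsx/pptx/vsdx)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # legacy binary formats (.doc, .xls) are out of scope here
    hits = set()
    with zf:
        for info in zf.infolist():
            # Parts stored under an activeX/ folder, declared or not.
            if "/activex/" in info.filename.lower():
                hits.add(info.filename)
            # Parts declared with the ActiveX content type in the manifest.
            # Regex instead of an XML parser: no entity expansion on untrusted input.
            if info.filename == "[Content_Types].xml" and info.file_size <= MAX_CT_SIZE:
                for tag in OVERRIDE_RE.findall(zf.read(info)):
                    name = PARTNAME_RE.search(tag)
                    if ACTIVEX_CT in tag.lower() and name:
                        hits.add(name.group(1).decode("utf-8", "replace").lstrip("/"))
    return sorted(hits)


def build_sample(with_activex: bool) -> bytes:
    """Constructed minimal package for the demo; not a real Word document."""
    overrides = '<Override PartName="/word/document.xml" ContentType="application/xml"/>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if with_activex:
            overrides += ('<Override PartName="/word/activeX/activeX1.xml" '
                          'ContentType="application/vnd.ms-office.activeX+xml"/>')
            zf.writestr("word/activeX/activeX1.xml", "<ax/>")
            zf.writestr("word/activeX/activeX1.bin", b"\x00")
        zf.writestr("[Content_Types].xml", f"<Types>{overrides}</Types>")
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("activex", build_sample(True))):
        print(label, find_activex_parts(blob))
```

A non-empty result marks a file whose controls will be blocked under the new default; such files are the ones to review before anyone is tempted to re-enable ActiveX in the Trust Center.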
Goodbye to ActiveX
The decision to disable it by default was probably motivated by ActiveX's well-known security problems, including zero-day vulnerabilities that were exploited by several state-backed and financially motivated threat groups to deploy malware. Cybercriminals have also used ActiveX controls embedded in Word documents to install TrickBot malware and Cobalt Strike beacons in order to breach business networks and maintain access to them.
This measure is also part of a much broader effort to remove or disable Windows and Office features that attackers have abused to infect Microsoft customers with malware. This dates back to 2018, when Microsoft extended support for its Antimalware Scan Interface (AMSI) to Office 365 client applications to thwart attacks that use Office VBA macros.