Microsoft is making significant changes to its Office 2024 suite. When the suite is released in October 2024, ActiveX controls will be disabled by default. This move aims to enhance security and reduce potential vulnerabilities that have been exploited in the past. Unfortunately, these security changes will be applied by default only to the newest 2024 version of the product, potentially leaving users of older versions exposed to these well-known and frequently exploited vulnerabilities in the Microsoft Office product line.
ActiveX has been a part of Office since 1996, allowing for interactive elements within documents. However, its use has declined over time due to security concerns. The upcoming change will affect Word, Excel, PowerPoint, and Visio in their desktop versions. While users won’t be able to interact with or create new ActiveX objects, some existing ones will remain visible as static images.
The transition away from ActiveX controls in Microsoft Office will happen in phases. Office 2024 for Win32 desktop programs will be the first to disable these controls by default when launched. Microsoft 365 apps will follow this change in April 2025.
For users of non-commercial Office versions like Home & Student, a message will appear when trying to use an ActiveX object. This notification will explain the new default setting.
People who still need ActiveX in their Office files have options:
These steps allow manual activation of the feature. The shift affects key Office programs:
This update impacts both standalone Office and Microsoft 365 Apps for Enterprise. It’s a significant change in how Office handles certain interactive elements in documents.
To re-enable ActiveX controls in Office applications, users have two main options. The first involves changing settings within the software itself. Open any Office program, click on “File,” then “Options,” and find the “Trust Center” tab. From there, enter “Trust Center Settings” and locate “ActiveX Settings.” Pick the choice that prompts before enabling controls.
The second method uses system-level changes. Edit the Windows registry or use Group Policy tools to find the Office security settings. Look for the option that disables all ActiveX controls and set its value to zero. This tells Office to allow these controls to function again.
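Before re-enabling ActiveX broadly, it helps to know which documents actually embed controls. The following is an added example, not part of the original article or any Microsoft tooling: it lists the ActiveX parts of an OOXML file (.docx/.docm/.xlsx/.xlsm/.pptx/.pptm) by reading the package's `[Content_Types].xml`. The names `find_activex_parts` and `build_sample` are hypothetical, the sample package is constructed, and legacy binary formats (.doc/.xls/.ppt) are not covered.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CT = "{http://schemas.openxmlformats.org/package/2006/content-types}"
ACTIVEX_TYPES = {"application/vnd.ms-office.activex+xml",  # control properties
                 "application/vnd.ms-office.activex"}      # persisted binary state

def find_activex_parts(source):
    """Return the parts of an OOXML package declared as ActiveX content.
    `source` is a path or binary file object; non-OOXML input raises ValueError."""
    try:
        with zipfile.ZipFile(source) as pkg:
            names = [n for n in pkg.namelist() if not n.endswith("/")]
            root = ET.fromstring(pkg.read("[Content_Types].xml"))
    except (zipfile.BadZipFile, KeyError, ET.ParseError) as exc:
        raise ValueError("not an OOXML package") from exc
    # OPC rule: a per-part Override wins over the per-extension Default.
    overrides = {o.get("PartName", "").lower(): o.get("ContentType", "").lower()
                 for o in root.iter(CT + "Override")}
    defaults = {d.get("Extension", "").lower(): d.get("ContentType", "").lower()
                for d in root.iter(CT + "Default")}
    def declared(n):
        ext = n.rpartition(".")[2].lower() if "." in n else ""
        return overrides.get("/" + n.lower(), defaults.get(ext, ""))
    return sorted(n for n in names if declared(n) in ACTIVEX_TYPES)

def build_sample(with_activex):
    """Constructed in-memory package for the demo; not a real Office file."""
    types = '<Default Extension="xml" ContentType="application/xml"/>'
    parts = {"word/document.xml": "<doc/>"}
    if with_activex:
        types += ('<Default Extension="bin" ContentType="application/vnd.ms-office.activeX"/>'
                  '<Override PartName="/word/activeX/activeX1.xml" '
                  'ContentType="application/vnd.ms-office.activeX+xml"/>'
                  '<Override PartName="/word/vbaProject.bin" '
                  'ContentType="application/vnd.ms-office.vbaProject"/>')
        for name in ("word/activeX/activeX1.xml", "word/activeX/activeX1.bin",
                     "word/vbaProject.bin"):
            parts[name] = "x"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types xmlns="%s">%s</Types>' % (CT[1:-1], types))
        for name, body in parts.items():
            z.writestr(name, body)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(find_activex_parts(build_sample(True)))
```

Running it over a file share gives an inventory of documents that will lose interactivity under the new default, which is a narrower basis for an exception than re-enabling the controls for every user.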
ActiveX has become a prime target for cybercriminals over time. This technology has been used in various malicious campaigns, putting users at risk. Hackers have found ways to exploit ActiveX vulnerabilities to steal data and spread malware.
Some notable incidents include:
These examples show how ActiveX can be a weak point in system security. Cybercriminals often use phishing emails to deliver infected files. Once opened, these files can trigger ActiveX controls to run harmful code.
The ongoing security issues with ActiveX highlight the need for caution when dealing with this technology. Users and organizations should be aware of the risks and take steps to protect themselves from potential ActiveX-based attacks.
Microsoft is taking steps to improve Office security. The company is turning off old features that hackers often use to attack computers. This effort began in 2018 when Microsoft added new scanning tools to Office 365 apps.
In 2021, Microsoft made Excel safer by scanning for harmful macros. The next year, they turned off macros in Excel by default. They also stopped macros from running in files from the internet.
Here are some key security updates:
These changes aim to reduce the ways attackers can get into systems. Microsoft Office 2024 is expected to continue this trend with more security-focused updates. Users can look forward to a safer Office experience with these ongoing improvements.
To get the newest Microsoft Office with improved ActiveX security:
Remember to keep automatic updates on for future security patches.
To guard against newly discovered Office remote code execution vulnerabilities:
Users of Office 2016 and earlier face higher risks from ActiveX vulnerabilities:
Upgrading to a newer version is strongly recommended for better security.
The CVE-2024-21413 vulnerability impacts several Outlook versions. Affected users should:
Users should ensure automatic updates are enabled to receive these improvements.
To ensure Excel has the latest security patches:
Enable automatic updates for consistent protection. Check for updates regularly if using manual mode.