Microsoft finally working to resolve known ActiveX vulnerabilities in Office Suite: Fixes appear limited to 2024 version

Duane Mitchell • September 11, 2024

Microsoft is making significant changes to its Office 2024 suite. In the release, due in October 2024, ActiveX controls will be disabled by default. This move aims to enhance security and reduce potential vulnerabilities that have been exploited in the past. Unfortunately, these security changes will be applied by default only in the newest 2024 version of the product, potentially leaving users of older versions exposed to these well-known and frequently exploited vulnerabilities in the Microsoft Office product line.

ActiveX has been a part of Office since 1996, allowing for interactive elements within documents. However, its use has declined over time due to security concerns. The upcoming change will affect Word, Excel, PowerPoint, and Visio in their desktop versions. While users won’t be able to interact with or create new ActiveX objects, some existing ones will remain visible as static images.

Key Takeaways

  • Microsoft Office 2024 will disable ActiveX controls by default for improved security.
  • The change affects desktop versions of Word, Excel, PowerPoint, and Visio.
  • Legacy ActiveX objects will remain visible as static images in documents.

Gradual Implementation of Changes

The transition away from ActiveX controls in Microsoft Office will happen in phases. Office 2024 for Win32 desktop programs will be the first to disable these controls by default, starting when it launches. Microsoft 365 apps will follow this change in April 2025.

For users of non-commercial Office versions like Home & Student, a message will appear when trying to use an ActiveX object. This notification will explain the new default setting.

People who still need ActiveX in their Office files have options:

  1. Adjust Trust Center settings
  2. Edit the registry
  3. Change group policy settings

These steps allow manual activation of the feature. The shift affects key Office programs:

  • Word
  • Excel
  • PowerPoint
  • Visio

This update impacts both standalone Office and Microsoft 365 Apps for Enterprise. It’s a significant change in how Office handles certain interactive elements in documents.

Re-enabling ActiveX Controls

To re-enable ActiveX controls in Office applications, users have two main options. The first involves changing settings within the software itself. Open any Office program, click on “File,” then “Options,” and find the “Trust Center” tab. From there, enter “Trust Center Settings” and locate “ActiveX Settings.” Pick the choice that prompts before enabling controls.

The second method uses system-level changes. Edit the Windows registry or use Group Policy tools to find the Office security settings. Look for the option to disable all ActiveX controls and set its value to zero. This tells Office to allow these controls to function again.

ActiveX: A Magnet for Security Threats

ActiveX has become a prime target for cybercriminals over time. This technology has been used in various malicious campaigns, putting users at risk. Hackers have found ways to exploit ActiveX vulnerabilities to steal data and spread malware.

Some notable incidents include:

  • A hacking group targeted South Korean websites using ActiveX flaws
  • The TrickBot malware used ActiveX to download malicious code via Word documents
  • Attackers leveraged ActiveX in Office 365 to install Cobalt Strike tools

These examples show how ActiveX can be a weak point in system security. Cybercriminals often use phishing emails to deliver infected files. Once opened, these files can trigger ActiveX controls to run harmful code.

The ongoing security issues with ActiveX highlight the need for caution when dealing with this technology. Users and organizations should be aware of the risks and take steps to protect themselves from potential ActiveX-based attacks.
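
One such step is knowing which documents carry ActiveX controls at all. The following is an added example, not code from the original article or from Microsoft: it lists the ActiveX parts inside an Office Open XML package (.docx, .xlsx, .pptx), which live under an `activeX/` folder and name their control in an `ax:classid` attribute. The sample document, its CLSID and the function names are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

AX_NS = "http://schemas.microsoft.com/office/2006/activeX"
# Word, Excel and PowerPoint keep control definitions under <app>/activeX/.
AX_PART = re.compile(r"(^|/)activeX/[^/]+\.xml$", re.IGNORECASE)
MAX_PART_BYTES = 64 * 1024  # these parts are tiny; anything larger is suspicious
SAMPLE_CLSID = "{00000000-0000-0000-0000-000000000001}"  # constructed value


def find_activex(doc_bytes):
    """Return sorted (part_name, classid) pairs for ActiveX parts in a package."""
    found = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as pkg:
        for info in pkg.infolist():
            if not AX_PART.search(info.filename):
                continue
            if info.file_size > MAX_PART_BYTES:
                found.append((info.filename, "skipped: oversized part"))
                continue
            raw = pkg.read(info)
            if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
                # Do not hand DTDs from untrusted files to the XML parser.
                found.append((info.filename, "skipped: DTD present"))
                continue
            try:
                clsid = ET.fromstring(raw).get(f"{{{AX_NS}}}classid")
            except ET.ParseError:
                clsid = None
            found.append((info.filename, clsid.upper() if clsid else "unknown"))
    return sorted(found)


def build_sample(with_control=True):
    """Constructed sample: a minimal OOXML-like ZIP, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")
        if with_control:
            z.writestr("word/activeX/activeX1.xml",
                       f'<ax:ocx xmlns:ax="{AX_NS}" ax:classid="{SAMPLE_CLSID}"/>')
    return buf.getvalue()


if __name__ == "__main__":
    for part, clsid in find_activex(build_sample()):
        print(part, clsid)
```

Legacy binary formats (.doc, .xls, .ppt) are OLE compound files rather than ZIP packages and are not covered by this check.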

Microsoft tightens Office security by disabling legacy features

Microsoft is taking steps to improve Office security. The company is turning off old features that hackers often use to attack computers. This effort began in 2018 when Microsoft added new scanning tools to Office 365 apps.

In 2021, Microsoft made Excel safer by scanning for harmful macros. The next year, they turned off macros in Excel by default. They also stopped macros from running in files from the internet.

Here are some key security updates:

  • 2018: New scanning tools added to Office 365
  • 2021: Improved Excel macro scanning
  • 2022: Macros disabled by default in Excel
  • 2022: Web-downloaded file macros blocked
  • 2023: Untrusted XLL add-ins blocked

These changes aim to reduce the ways attackers can get into systems. Microsoft Office 2024 is expected to continue this trend with more security-focused updates. Users can look forward to a safer Office experience with these ongoing improvements.

Common Questions About Office ActiveX Security

How to Get the Latest Office Version with Better ActiveX Protection?

To get the newest Microsoft Office with improved ActiveX security:

  1. Check your current version
  2. Back up important files
  3. Visit the official Microsoft website
  4. Download Office 2024
  5. Run the installer
  6. Follow on-screen instructions
  7. Activate your new license

Remember to keep automatic updates on for future security patches.

Protecting Against Recent Office Remote Code Flaws

To guard against newly discovered Office remote code execution vulnerabilities:

  • Install all security updates promptly
  • Use caution when opening email attachments
  • Enable Protected View for Office files
  • Keep antivirus software up-to-date
  • Be wary of macros in documents from unknown sources

Risks for Users of Older Office Versions

Users of Office 2016 and earlier face higher risks from ActiveX vulnerabilities:

  • More exposure to potential attacks
  • Lack of latest security features
  • Fewer updates and patches available
  • Increased chance of compatibility issues
  • Higher likelihood of performance problems

Upgrading to a newer version is strongly recommended for better security.

Outlook Versions Affected by CVE-2024-21413

The CVE-2024-21413 vulnerability impacts several Outlook versions. Affected users should:

  • Update to the latest Outlook version if possible
  • Install security patches as soon as they’re available
  • Use caution when opening emails from unknown senders
  • Disable automatic loading of remote content
  • Consider using alternative email clients temporarily

Key Points About Recent Office C2R Security Updates

  • Fixes for critical security flaws
  • Performance improvements
  • Enhanced protection against phishing attacks
  • Updates to built-in security features
  • Patches for known ActiveX vulnerabilities

Users should ensure automatic updates are enabled to receive these improvements.

Keeping Excel Up-to-Date with Security Patches

To ensure Excel has the latest security patches:

  1. Open Excel
  2. Go to File > Account
  3. Click “Update Options”
  4. Select “Update Now”
  5. Restart Excel after updates install

Enable automatic updates for consistent protection. Check for updates regularly if using manual mode.
