Microsoft Disables ActiveX by Default in 365 to Block Malware Execution by Hackers


Apr 15, 2025 - 17:00

Microsoft has taken a critical step to enhance security across its productivity suite by disabling ActiveX controls by default in Microsoft 365 applications. 

This significant security update, which began rolling out earlier this month, aims to reduce the risk of malware and unauthorized code execution that has long plagued the legacy technology.

Starting April 2025, the Windows versions of Microsoft Word, Excel, PowerPoint, and Visio will automatically block ActiveX controls without notification. 

This change follows a similar security measure implemented in the standalone Office 2024 package released in October 2024.

Security Change Impacts Major Office Applications

“The previous default setting, ‘Prompt me before enabling all controls with minimal restrictions,’ allowed you to enable potentially dangerous ActiveX controls, which attackers could exploit through social engineering or malicious files,” said Zaeem Patel, Product Manager on the Office Security team. 

“The new default setting is more secure because it blocks these controls entirely, reducing the risk of malware or unauthorized code execution.”

The technical implementation equates to enabling the existing DisableAllActiveX group policy setting by default. 

When users open a document containing ActiveX controls, they’ll now see a notification banner stating “BLOCKED CONTENT: The ActiveX content in this file is blocked,” with an option to learn more.

For organizations requiring ActiveX functionality, system administrators can modify this behavior through Group Policy by navigating to:

Alternatively, cloud policies may be deployed using the Cloud Policy service for Microsoft 365.

Legacy Technology with Security Vulnerabilities

ActiveX, introduced in 1996, has been part of Microsoft Office’s framework for nearly three decades. It allows developers to create interactive elements within documents. However, its deep access to system resources has made it a prime target for cybercriminals.

Security experts have long advocated for this change. “Making its subscription customers wait just a little longer for better security is emblematic of Microsoft’s cautious, phased approach to flensing its flagship software of insecure features,” notes a security analysis from ThreatDown.

When ActiveX is disabled, users will no longer be able to create or interact with ActiveX objects in Microsoft 365 files. 

Some existing ActiveX objects will still display as static images but without interactive functionality.

Microsoft advises caution when encountering files that prompt for ActiveX settings changes:

  • Avoid opening unexpected file attachments, even from seemingly trusted sources
  • Be wary if someone you don’t know encourages you to change ActiveX settings
  • Exercise skepticism toward pop-up messages urging ActiveX setting adjustments

Individual users who still require ActiveX functionality can re-enable it by:

  • Selecting File > Options > Trust Center
  • Clicking Trust Center Settings
  • Going to ActiveX Settings
  • Selecting “Prompt me before enabling all controls with minimal restrictions”
  • Clicking OK

The registry value DisableAllActiveX (REG_DWORD) under HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Security can also be set to 0 to restore the previous behavior.
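Because that value lives in the per-user hive, any user can restore the old prompt-based behavior without an administrator noticing. The following PowerShell audit is an added example, not code from Microsoft or from the original article: it reports which loaded user profiles carry the override, using the registry path and value name given above. The function name and output columns are hypothetical, and it assumes an elevated session so other users' hives under HKEY_USERS are readable.

```powershell
# Added example: audit DisableAllActiveX for every loaded user hive.
# Path and value name come from the article; Get-ActiveXOverride and its
# output columns are hypothetical names chosen for this illustration.
function Get-ActiveXOverride {
    $subPath = 'Software\Microsoft\Office\Common\Security'

    # HKEY_USERS has one subkey per loaded profile (logged-on users and
    # service accounts). Profiles that are not loaded are not covered.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $key  = "Registry::HKEY_USERS\$sid\$subPath"
            $prop = Get-ItemProperty -Path $key -Name 'DisableAllActiveX' -ErrorAction SilentlyContinue

            # A missing key or value means no per-user setting exists.
            $value = $null
            if ($null -ne $prop) { $value = $prop.DisableAllActiveX }

            $state = if ($null -eq $value) {
                'NotSet'        # application default applies
            } elseif ($value -eq 0) {
                'Overridden'    # previous prompt behavior restored
            } else {
                'Explicit'      # a non-zero value is present
            }

            [pscustomobject]@{
                Sid   = $sid
                Value = $value
                State = $state
            }
        }
}

# List only the profiles where the secure default has been switched off.
Get-ActiveXOverride |
    Where-Object { $_.State -eq 'Overridden' } |
    Format-Table -AutoSize
```

An empty result means no loaded profile has the value set to 0; it says nothing about settings delivered through Group Policy or the Cloud Policy service.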

This update is currently available to Beta Channel users and is rolling out to Current Channel (Preview) users running Version 2504 (Build 18730.20030) or later. 

The change represents Microsoft’s ongoing commitment to balancing backward compatibility with modern security requirements in its productivity suite.


The post Microsoft Disables ActiveX by Default in 365 to Block Malware Execution by Hackers appeared first on Cyber Security News.