Microsoft has announced a significant security enhancement by disabling ActiveX controls by default in Microsoft 365 and Office 2024 applications. This change, effective from October 2024 for Office 2024 and rolling out in stages starting April 2025 for Microsoft 365 apps, aims to mitigate security risks associated with ActiveX. (support.microsoft.com)

Background on ActiveX

Introduced in 1996, ActiveX is a Microsoft-developed framework that allows interactive content to be embedded within applications like Microsoft Office. While it enabled rich interactivity, ActiveX has been notorious for its security vulnerabilities, often exploited by attackers to execute malicious code. (en.wikipedia.org)

Implications of Disabling ActiveX

Enhanced Security:

By disabling ActiveX controls, Microsoft aims to close a significant vector for malware and unauthorized code execution, thereby enhancing the overall security posture of Office applications. (support.microsoft.com)

Impact on Users:

Users will no longer be able to create or interact with ActiveX objects in Office documents. Existing ActiveX objects will appear as static images, with no interactive functionality. (support.microsoft.com)

Reverting the Change:

For users who require ActiveX functionality, it can be re-enabled through the Trust Center settings in Office applications. However, Microsoft strongly recommends keeping ActiveX controls disabled unless absolutely necessary to maintain optimal security. (support.microsoft.com)

Technical Details

The default configuration setting for ActiveX objects will change from "Prompt me before enabling all controls with minimal restrictions" to "Disable all controls without notification." This change applies to the Win32 desktop versions of Word, Excel, PowerPoint, and Visio. (support.microsoft.com)

Conclusion

Microsoft's decision to disable ActiveX controls by default in Microsoft 365 and Office 2024 is a proactive measure to enhance security and protect users from potential threats. While it may affect workflows that rely on ActiveX, the move underscores the importance of prioritizing security in software development and usage.