- Microsoft 365 will begin to block Activex by default
- The “powerful” tool puts users at risk of remote code execution
- Users cannot create or interact with Activex objects
Microsoft has revealed that Activex will be disabled by default in Microsoft 365 from this month, citing security as the key decisive factor of the company.
In a blog post, the Microsoft Office Security Product Manager, Zaeem Patel, acknowledged that Activex, which allows rich interactions within Microsoft 365 applications, is a “powerful technology”, however, it is also one that comes with associated security risks thanks to the amount of access it has to the system of a user.
As of April 2025, Microsoft will disable all controls without notification by default through Microsoft Word, Microsoft Excel, Microsoft Powerpoint and Microsoft Visio.
Microsoft begins to block Activex by default this month
Patel criticized the predetermined configuration previous to put users at risk of being exploited by the attackers through social engineering or malicious archives.
A successful Activex attack could give malicious actors access to the execution of remote code, putting the system of a victim and the network of the entire organization at risk.
Enable Activex now requires manual action through the trusted center, and that means that system administration permits allow access to this. Users without access will see the Grayed option, instead.
“When Activex is disabled, you can no longer create or interact with Activex objects in Microsoft 365 files,” Patel confirmed.
Described as “small construction blocks that create applications that work through the Internet through web browsers,” Microsoft explains on a separate support page how Activex controls can be used for command buttons, list frames and dialog boxes.
“Some existing active objects will remain visible as a static image, but it will not be possible to interact with them,” Patel added.
The users of the Beta Canal are already being affected with the change, with current channel users (preview) that execute version 2504 (Compilation 18730.20030) or then also experience the change this month.
In an apparent recognition that some users may not be happy with the change and the fact that there is no real direct replacement, Microsoft is offering to collect comments through the file> Comments on any application of Microsoft 365.
