ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK?
Microsoft has once again tightened the screws on ActiveX, making it the default behaviour in Microsoft 365 to block all ActiveX controls outright, leaving users with fewer prompts and more security. This decision comes as a response to continuous abuse of ActiveX controls that allow malicious remote code execution. Prior to this change, users were prompted to enable controls, which required a level of understanding of the risks involved.
With the new default, Microsoft aims to shield users from threats stemming from these outdated components, which can compromise system integrity. Users who want to re-enable ActiveX need to go to the Trust Center settings, a step that may not be easy to take without IT approval.
Key Points
- Microsoft 365 now blocks ActiveX controls by default for improved security.
- The former prompt system for enabling controls has been eliminated to prevent unintentional security risks.
- ActiveX technology, while once popular, has been deprecated due to its vulnerabilities.
- The change aims to protect users from the risks of remote code execution associated with ActiveX.
- To enable ActiveX, users must navigate to the Trust Center settings and request permission from admins.
Why should I read this?
If you’re a Microsoft 365 user, this change could affect your workflow, especially if you rely on ActiveX for certain tasks. Microsoft is pushing for a safer experience, and this article breaks down the implications. We’ve saved you the hassle of sifting through tech jargon—get the gist of the situation here and ensure your teams stay secure.