Microsoft 365 Phases Out ActiveX Support

In a significant update, Microsoft has announced the discontinuation of ActiveX support in its Microsoft 365 suite, including widely used applications such as Word, Excel, PowerPoint, and Visio. This change will take effect later this month, marking a pivotal shift towards enhancing the security framework of the software.

ActiveX technology has been a source of concern regarding security vulnerabilities since at least 2003. Industry experts have frequently highlighted its inherent risks, noting that once an ActiveX control is installed, it can operate with the same permissions as any other program. This raises serious concerns, especially if the control is maliciously designed to execute harmful commands.

Over the years, Microsoft has made several modifications to ActiveX, including the ability to disable individual ActiveX controls in Internet Explorer. However, despite these adjustments, ActiveX has continued to present a gateway for malware and cyber threats, prompting the company to take more definitive action.

The transition away from ActiveX was first initiated with the launch of Office 2024, where this support was disabled by default. Now, Microsoft 365 applications will follow suit, specifically from version 2504 and build 18730.20030 onwards. Users in the beta channel have already experienced this change, as detailed in a recent Microsoft blog post.

While the majority of ActiveX functionalities will be disabled, some objects may still be visible as static images within documents. However, interactive capabilities will no longer be available. Users who wish to reactivate specific ActiveX controls will have the option to do so through the settings in the Trust Center, although administrators can impose restrictions on this feature.

As organizations and individuals adapt to these changes, it is crucial to remain vigilant. The deactivation of ActiveX is part of a broader strategy to bolster security measures within Microsoft's software ecosystem. Users are advised to exercise caution if prompted to reactivate ActiveX functionalities, as this could signify potential security risks.

The move to eliminate ActiveX from Microsoft 365 aligns with ongoing efforts to enhance user safety and adapt to evolving cybersecurity challenges, underscoring the importance of maintaining secure operating environments in today's digital landscape.