Microsoft 365 is now complete: ActiveX is being turned off
ActiveX follows Flash. The risky plug-ins will soon no longer work by default in Microsoft 365 apps.
(Image: IB Photography/Shutterstock.com)
Microsoft is deactivating support for ActiveX in its Microsoft 365 Office package. In April, the Windows versions of Microsoft Words, Excel, PowerPoints and Visios will no longer run ActiveX by default and will no longer notify users of this. This is intended to raise the security level of the software.
ActiveX has been considered inherently insecure since at least 2003. “The security advisories from Symantec and Trend Micro show that there is no such thing as a 'secure ActiveX control',” wrote Heise security manager Jürgen Schmidt in his commentary at the time. Because: “If you install an ActiveX control on your computer, it is just as secure or insecure as a normal program: If the developer writes into the control: 'Delete all files on this system', then it deletes all files to which the user who started it has access.”
Over the last two and a half decades, Microsoft has repeatedly tinkered with the ActiveX system and, for example, made it possible to deactivate individual ActiveX modules in Internet Explorer. In the end, ActiveX has repeatedly proved to be a gateway for malware and IT attackers.
There is still one option
Microsoft already switched off ActiveX support by default in Office 2024 when it was released in October, and now it's the turn of the Microsoft 365 applications mentioned above (from version 2504 or build 18730.20030). The deactivation has already taken place in the beta channel, as a Microsoft blog post informs. Some ActiveX objects will therefore remain visible as a static image, but interaction with them will no longer be possible.
Videos by heise
However, ActiveX is not completely over. If you like to take risks, you can specify in the Trust Center settings that you can reactivate individual ActiveX objects manually. However, if there is a group administrator, they can prevent this or also release it for all their members.
At least then you know who will have been at fault. And if someone offers you an update to reactivate ActiveX, alarm bells should ring.
(ds)
