Microsoft announced a significant change in the workings of its office applications starting October 2024. The new version of Office 2024 will default to disconnecting Activex control elements in Word, Excel, PowerPoint, and Visio. This change will first impact desktop applications Office Win32, with Microsoft 365 users following suit from April 2025.
Activex, an outdated technology introduced in 1996, allowed developers to embed interactive objects in Office documents. However, with the new Office version, safety settings will be adjusted to disconnect Activex control elements by default.
Users will no longer be able to create or interact with Activex objects in their documents. Instead, these elements will display as static images, potentially causing inconvenience for those who relied on these objects for their work.
Activex technology has long been a concern due to security vulnerabilities. Hackers have exploited Activex to spread malware, including well-known attacks like Trickbot and Cobalt Strike. These attacks enabled hackers to infiltrate corporate networks by installing malicious software through Word documents containing Activex elements.
For users who need to include Activex controls in their Office documents, they can revert to the previous default settings using the following methods:
- Select the “request confirmation before inclusion of all controls with minimal restrictions” parameter in the “ActiveX” section of the Safety Management Settings dialog box;
- Set the Hkey_current_user Software Office COMMON Security parameter Disableallactivex value to 0 (reg_dword) in the registry;
- Set the group policy parameter “Disable all Activex” value to 0.
The discontinuation of Activex is part of Microsoft’s broader efforts to enhance the security of its products. The company has been implementing measures aimed at blocking potentially risky functions in Office and Windows, such as VBA and XLM macros, protection for XLM, and barring unreliable XLL add-ins.
Furthermore, in 2024, Microsoft plans to phase out VBScript, another technology linked to vulnerabilities. VBScript is expected to become an “on request” option before being entirely removed from Microsoft products.
Companies using Activex for process automation should prepare for potential operational delays and increased technical support costs. IT administrators will need to provide employee training and allocate additional resources to either restore Activex functionality or seek alternative solutions.
These changes to Office may elicit some displeasure among users accustomed to the old functionalities. The abrupt discontinuation of familiar tools could have a negative impact