Microsoft has introduced that it’s going to begin disabling exterior workbook hyperlinks to blocked file varieties by default between October 2025 and July 2026.
After the rollout, Excel workbooks referencing blocked file varieties will show a #BLOCKED error or fail to refresh, eliminating safety dangers related to accessing unsupported or high-risk file varieties, together with, however not restricted to, phishing assaults that make the most of workbooks to redirect targets to malicious payloads.
This modification is being launched as a brand new FileBlockExternalLinks group coverage, which expands File Block Settings to incorporate exterior workbook hyperlinks.
As the corporate defined in a Microsoft 365 admin heart message on Wednesday, Microsoft 365 will show a enterprise bar warning of this upcoming change when opening workbooks containing exterior hyperlinks to blocked file varieties, beginning with Construct 2509.
Nonetheless, after updating to Construct 2510, if the coverage is unconfigured, customers will not have the ability to refresh or create new references to blocked file varieties.
“If not configured, no modifications will take impact instantly. Nonetheless, beginning October 2025, the default conduct will block exterior hyperlinks to file varieties at the moment blocked by the Belief Heart,” the corporate stated.
“We advocate reviewing present workbooks and speaking this transformation to customers who depend on exterior hyperlinks to make sure continuity of workflows.”
Microsoft 365 admins who wish to re-enable refreshing exterior hyperlinks to blocked file varieties can edit the HKCUSoftwareMicrosoftOfficeExcelSecurityFileBlockFileBlockExternalLinks registry key utilizing the detailed directions on this assist doc.
Because the begin of the yr, the corporate has additionally added the .library-ms and .search-ms file varieties to the checklist of blocked Outlook attachments and began turning off all ActiveX controls in Home windows variations of Microsoft 365 and Workplace 2024 functions.
These modifications are a part of a broader effort to take away or disable Workplace and Home windows options which have been exploited to contaminate Microsoft customers with malware.
This initiative started in 2018 when Microsoft expanded assist for its Antimalware Scan Interface (AMSI) in Workplace 365 consumer apps, enabling the blocking of assaults that use Workplace VBA macros.
Since then, the corporate has began blocking VBA Workplace macros by default, launched XLM macro safety, disabled Excel 4.0 (XLM) macros, introduced that it will quickly kill off VBScript, and begun blocking untrusted XLL add-ins by default throughout Microsoft 365 tenants.
Earlier at this time, Microsoft additionally introduced that it has elevated bounty payouts to $40,000 for some .NET and ASP.NET Core vulnerabilities.
Include rising threats in actual time – earlier than they impression your online business.
Learn the way cloud detection and response (CDR) provides safety groups the sting they want on this sensible, no-nonsense information.
