Microsoft has introduced that it’s going to begin disabling exterior workbook hyperlinks to blocked file varieties by default between October 2025 and July 2026.
After the rollout, Excel workbooks referencing blocked file varieties will show a #BLOCKED error or fail to refresh, eliminating safety dangers related to accessing unsupported or high-risk file varieties, together with, however not restricted to, phishing assaults that make the most of workbooks to redirect targets to malicious payloads.
This transformation is being launched as a brand new FileBlockExternalLinks group coverage, which expands File Block Settings to incorporate exterior workbook hyperlinks.
As the corporate defined in a Microsoft 365 admin heart message on Wednesday, Microsoft 365 will show a enterprise bar warning of this upcoming change when opening workbooks containing exterior hyperlinks to blocked file varieties, beginning with Construct 2509.
Nevertheless, after updating to Construct 2510, if the coverage is unconfigured, customers will not have the ability to refresh or create new references to blocked file varieties.
“If not configured, no adjustments will take impact instantly. Nevertheless, beginning October 2025, the default conduct will block exterior hyperlinks to file varieties at the moment blocked by the Belief Heart,” the corporate mentioned.
“We advocate reviewing present workbooks and speaking this modification to customers who depend on exterior hyperlinks to make sure continuity of workflows.”
Microsoft 365 admins who wish to re-enable refreshing exterior hyperlinks to blocked file varieties can edit the HKCUSoftwareMicrosoftOffice<model>ExcelSecurityFileBlockFileBlockExternalLinks registry key utilizing the detailed directions on this assist doc.
For the reason that begin of the yr, the corporate has additionally added the .library-ms and .search-ms file varieties to the listing of blocked Outlook attachments and began turning off all ActiveX controls in Home windows variations of Microsoft 365 and Workplace 2024 functions.
These adjustments are a part of a broader effort to take away or disable Workplace and Home windows options which were exploited to contaminate Microsoft customers with malware.
This initiative started in 2018 when Microsoft expanded assist for its Antimalware Scan Interface (AMSI) in Workplace 365 shopper apps, enabling the blocking of assaults that use Workplace VBA macros.
Since then, the corporate has began blocking VBA Workplace macros by default, launched XLM macro safety, disabled Excel 4.0 (XLM) macros, introduced that it might quickly kill off VBScript, and begun blocking untrusted XLL add-ins by default throughout Microsoft 365 tenants.
Earlier at the moment, Microsoft additionally introduced that it has elevated bounty payouts to $40,000 for some .NET and ASP.NET Core vulnerabilities.
Malware concentrating on password shops surged 3X as attackers executed stealthy Good Heist situations, infiltrating and exploiting crucial methods.
Uncover the highest 10 MITRE ATT&CK methods behind 93% of assaults and find out how to defend in opposition to them.
