Microsoft has introduced that it’s going to begin disabling exterior workbook hyperlinks to blocked file sorts by default between October 2025 and July 2026.
After the rollout, Excel workbooks referencing blocked file sorts will show a #BLOCKED error or fail to refresh, eliminating safety dangers related to accessing unsupported or high-risk file sorts, together with, however not restricted to, phishing assaults that make the most of workbooks to redirect targets to malicious payloads.
This modification is being launched as a brand new FileBlockExternalLinks group coverage, which expands File Block Settings to incorporate exterior workbook hyperlinks.
As the corporate defined in a Microsoft 365 admin heart message on Wednesday, Microsoft 365 will show a enterprise bar warning of this upcoming change when opening workbooks containing exterior hyperlinks to blocked file sorts, beginning with Construct 2509.
Nonetheless, after updating to Construct 2510, if the coverage is unconfigured, customers will now not be capable of refresh or create new references to blocked file sorts.
“If not configured, no modifications will take impact instantly. Nonetheless, beginning October 2025, the default habits will block exterior hyperlinks to file sorts presently blocked by the Belief Heart,” the corporate stated.
“We suggest reviewing current workbooks and speaking this transformation to customers who depend on exterior hyperlinks to make sure continuity of workflows.”
Microsoft 365 admins who wish to re-enable refreshing exterior hyperlinks to blocked file sorts can edit the HKCUSoftwareMicrosoftOffice
For the reason that begin of the yr, the corporate has additionally added the .library-ms and .search-ms file sorts to the record of blocked Outlook attachments and began turning off all ActiveX controls in Home windows variations of Microsoft 365 and Workplace 2024 functions.
These modifications are a part of a broader effort to take away or disable Workplace and Home windows options which were exploited to contaminate Microsoft customers with malware.
This initiative started in 2018 when Microsoft expanded help for its Antimalware Scan Interface (AMSI) in Workplace 365 shopper apps, enabling the blocking of assaults that use Workplace VBA macros.
Since then, the corporate has began blocking VBA Workplace macros by default, launched XLM macro safety, disabled Excel 4.0 (XLM) macros, introduced that it could quickly kill off VBScript, and begun blocking untrusted XLL add-ins by default throughout Microsoft 365 tenants.
Earlier as we speak, Microsoft additionally introduced that it has elevated bounty payouts to $40,000 for some .NET and ASP.NET Core vulnerabilities.
CISOs know that getting board buy-in begins with a transparent, strategic view of how cloud safety drives enterprise worth.
This free, editable board report deck helps safety leaders current danger, influence, and priorities in clear enterprise phrases. Flip safety updates into significant conversations and sooner decision-making within the boardroom.
