ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? Microsoft has twisted the knife into ActiveX once again, setting Microsoft 365 to disable all controls without so much as a prompt. The change replaces the previous default setting, "Prompt me before enabling all controls with minimal restrictions," which relied on the user understanding the implications before blithely giving …
Yes, it's still a thing in the real world where companies use stuff that has been working just fine for them for a very long time because why would they go through the ballache of changing. Which isn't to say that it shouldn't die immediately, but the real world doesnt' work that way.
I recall developing an ActiveX control that was basically a drop-in component encapsulating the NNTP reader component of Outlook Express way back when. If my code implemented particular interfaces relating to security then my ActiveX control would basically be signalling itself as a safe and trustworthy control! Of course, I'm talking about unsigned ActiveX controls within an enterprise environment so there's a certain level of trust assumed but no-one checked what my code did and the NNTP reader control was just rolled out to anyone browsing a particular page on the company's intranet.
Microsoft is SO GOOD at reinventing a thing, poorly, with long term security issues. I don't know that professional programmers with that goal could make those kinds of problems on purpose.
It's good to see that they're capable, finally, of admitting when something is shitty. For how many decades did people have to endure macro viruses in documents JUST IN CASE someone might use macros and wouldn't want others to have to answer a prompt or something.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
