microsoft-excel

Microsoft Excel Tightens Security: Blocking External Links to Risky Files

Today in Tech

Today in Tech

2 min read
Microsoft Excel Security Warning: Automatic update of links has been ...
Microsoft Excel Security Warning: Automatic update of links has been ...

Microsoft Excel Tightens Security: Blocking External Links to Risky Files

Microsoft Excel is getting a significant security boost! In a move to protect users from potential threats, Microsoft will soon disable external workbook links to file types deemed unsafe by default. This change aims to reduce the risk of malware and phishing attacks that can exploit vulnerabilities through linked files.

Microsoft Excel Security Warning: Automatic update of links has been ...

Microsoft Excel Security Warning: Automatic update of links has been ...

Why This Change?

For years, Excel has allowed users to link to data in external workbooks. While this feature can be useful, it also presents a security risk. Malicious actors can embed harmful code within certain file types and trick users into opening them through these external links. By blocking links to these risky file types by default, Microsoft is significantly reducing the attack surface.

Historically, Excel users could reference data from a wide range of external files-even those considered high-risk or "blocked" according to the Trust Center's evolving list. This update is a deliberate campaign to curtail these risks.

Which File Types Are Affected?

The specific file types being blocked include those commonly associated with malware or phishing attacks. Examples include:

  • .library-ms
  • .search-ms
  • Other formats used to launch malware or redirect to phishing resources

These file types are often used to disguise malicious code as legitimate files, making them a prime target for attackers.

When Will This Change Happen?

Microsoft plans to roll out this change between October 2025 and July 2026. This phased approach allows users and organizations time to prepare for the update and adjust their workflows accordingly.

How to Prepare

Here are a few steps you can take to prepare for this change:

  1. Review your Excel workbooks: Identify any workbooks that use external links to potentially risky file types.
  2. Update your links: If possible, replace links to blocked file types with safer alternatives, such as importing the data directly into your Excel workbook.
  3. Inform your users: Let your users know about the upcoming change and how it might affect their work.

Microsoft understands that some users may have legitimate reasons to use external links to blocked file types. For administrators who need to allow these links, there is an option to revert to the previous behavior using a registry setting:

Set HKCU\Software\Microsoft\Office\16.0\Excel\Security\FileBlock\FileBlockExternalLinks to 0.

However, it's important to carefully consider the security implications before making this change.

Key Takeaways

  • Microsoft is disabling external workbook links to blocked file types by default in Excel.
  • This change improves security by reducing the risk of malware and phishing attacks.
  • The change will be rolled out between October 2025 and July 2026.
  • Administrators can revert to the previous behavior using a registry setting, but should carefully consider the security implications.

References

Read more