Excel will soon block links to risky file types in Microsoft’s new policy changes

Microsoft will soon be blocking external links to blocked file types in Excel. This is part of a broader effort to reduce or disable exploits that have previously been used to infect users with malware.

Excel will now show a #BLOCKED error when trying to reference file types blocked by the Trust Center. In Build 2509, users will only see a warning bar, which will extend to full restriction starting Build 2510. In this version, unless the policy is reconfigured, users will not be able to add or update these blocked links.

In the company’s Microsoft 365 admin center message, it explained that the default behaviour on Excel will now prevent it from adding such references, and recommends users to stick to this setting. Most phishing attacks will use these high-risk links to redirect users to malicious code.

Early this year, Microsoft added “.library-ms” and “.search-ms” to the list of blocked formats for Outlook and disabled ActiveX controls, which were risky in that they could execute unauthorized code without the user knowing.

This change merely comes from Microsoft in an attempt to “harden” its Office and Windows environments. The company is now moving away from its legacy openness that has long allowed hackers to abuse the system, which is what it is now aiming to shut close.

To re-enable references to the blocked file types, simply head on to regedit, and navigate to: “HKCU\Software\Microsoft\Office\<version>\Excel\Security\FileBlock\FileBlockExternalLinks.” There, double-click on “FileBlockExternalLinks” and set its value to 0.