Microsoft to Disable Excel Workbook Links to Blocked File Types
Summary:
Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026.
After the rollout, Excel workbooks referencing blocked file types will display a #BLOCKED error or fail to refresh, eliminating security risks associated with accessing unsupported or high-risk file types, including, but not limited to, phishing attacks that utilize workbooks to redirect targets to malicious payloads.
This change is being introduced as a new FileBlockExternalLinks group policy, which expands File Block Settings to include external workbook links.
As the company explained in a Microsoft 365 admin center message on Wednesday, Microsoft 365 will display a business bar warning of this upcoming change when opening workbooks containing external links to blocked file types, starting with Build 2509.
However, after updating to Build 2510, if the policy is unconfigured, users will no longer be able to refresh or create new references to blocked file types.
Security Officer Comments:
The ability to link to external workbooks has been a useful Excel function for many years, but unfortunately one that has been consistently misused by attackers. Attackers usually create well-formatted Excel files with links to malicious content and trick the victim into opening them through phishing emails or fake downloads. Once a file is opened, the links may trigger the automatic download of malware, giving the attackers access to the system or even the entire network. All in all, Microsoft's disabling of links to such harmful file types makes it more challenging for cybercriminals to pull off this trickery. However, it won't solve every issue. Firms still need to pay attention to how documents are opened and accessed, and users need to learn to spot suspicious documents.
Suggested Corrections:
Users and businesses that rely heavily on Excel and use external links will have to adjust to this change. IT personnel will need to locate any spreadsheets that use external links to these newly blocked file types and replace them with better alternatives. Internal file-sharing procedures should also be audited, and staff reminded of the risks of opening links or executing macros in unfamiliar Excel documents. Keeping the operating system updated and using Microsoft Defender for Office can also help detect threats before they are able to run. Training employees to spot phishing messages and suspicious documents is one of the best ways to render such an attack futile.
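One way to build the inventory described above, as an added example that is not from the original article or from Microsoft: it reads the external-link relationship parts inside an OOXML workbook and reports targets with a blocked extension. The function names, the sample workbook and the contents of BLOCKED_EXTENSIONS are assumptions; the article does not list the blocked file types.

```python
import io
import posixpath
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import unquote

# ASSUMPTION: illustrative placeholder. The article does not list the blocked
# types; populate this from your own Excel File Block Settings.
BLOCKED_EXTENSIONS = {".xls", ".xlt"}
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
LINK_RELS_DIR = "xl/externalLinks/_rels/"

def external_link_targets(workbook):
    """Return the external link targets stored in an OOXML workbook (path or file object)."""
    targets = []
    with zipfile.ZipFile(workbook) as zf:
        for name in zf.namelist():
            if not (name.startswith(LINK_RELS_DIR) and name.endswith(".rels")):
                continue
            data = zf.read(name)
            if b"<!DOCTYPE" in data:  # skip parts declaring a DTD (entity-expansion guard)
                continue
            for rel in ET.fromstring(data).iter("{%s}Relationship" % REL_NS):
                if rel.get("TargetMode") == "External":
                    targets.append(unquote(rel.get("Target", "")))
    return targets

def blocked_links(workbook, blocked=BLOCKED_EXTENSIONS):
    """Return the targets whose extension is in the blocked set (case-insensitive)."""
    hits = []
    for target in external_link_targets(workbook):
        # Drop URL query/fragment and normalise Windows separators before splitting.
        path = target.split("?")[0].split("#")[0].replace("\\", "/")
        if posixpath.splitext(path)[1].lower() in blocked:
            hits.append(target)
    return hits

def build_sample_workbook():
    """Constructed sample: a minimal zip holding one external-link relationships part."""
    rels = ('<Relationships xmlns="%s">' % REL_NS +
            '<Relationship Id="rId1" TargetMode="External" Target="file:///\\\\fileserver\\share\\Legacy%20Budget.XLS"/>'
            '<Relationship Id="rId2" TargetMode="External" Target="Forecast.xlsx"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(LINK_RELS_DIR + "externalLink1.xml.rels", rels)
    return buf

if __name__ == "__main__":
    print(blocked_links(build_sample_workbook()))
```

Legacy binary workbooks are not zip packages, so zipfile raises BadZipFile for them; a scan over a file share should catch that and list those files for separate review.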
Link(s):
https://www.bleepingcomputer.com/ne...xternal-workbook-links-to-blocked-file-types/