Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Microsoft has released two security enhancements as defense-in-depth measures for Excel in the January 2022 update. These security enhancements disable Dynamic Data Exchange (DDE) and automatic activation of OLE (Object Linking and Embedding) objects in all supported versions of Excel. 

Dynamic Data Exchange (DDE)

In January 2018, controls to disable DDE server lookup and DDE server launch were added to all supported versions of Excel. 

In August 2019, Office 365 versions >= 1902 had DDE server launch disabled and Group Policy support was added for both DDE server lookup and DDE server launch. 

In Office 2021, DDE server launch is disabled and Group Policy support for both DDE settings is present. 

The January 2022 update disables DDE server launch in all supported versions of Excel and provides Group Policy support for this setting in Office 2016 and Office 2019. Users who have previously configured these settings will not be affected by this update. 

Restoring old behavior

Users and administrators who wish to enable DDE server launch can choose from the following options: 

  • For Office 2019, Office LTSC 2021, and Office 365, users can control DDE settings in the External Content section of Trust Center Settings.

  • For all Office versions, users and administrators may set the appropriate registry value for DDE server launch.

  • For Office 2016, Office 2019, Office LTSC 2021, and Office 365, administrators may use Group Policy to re-enable DDE server launch.

Warning: Warning: this will prevent users from disabling DDE server launch on their machines.

For more information about the DDE defense-in-depth enhancement and how to re-enable DDE server launch via the registry or group policy, see ADV170021 - Security Update Guide - Microsoft - Microsoft Office Defense in Depth Update.

Automatic activation of OLE (Object Linking and Embedding) Objects

The January 2022 update disables automatic activation of OLE objects for all supported versions of Excel. Users wishing to activate OLE objects must manually activate them after opening the file. 

Restoring old behavior

Users who wish to restore automatic activation of OLE objects can do this: 

  1. Open Registry Editor

    Caution:  Editing the registry incorrectly might severely damage your system. Before you make changes to the registry, we recommend that you back up any valued data on the computer.

  2. Add the following registry value as a DWORD:

    1. Office 2013: Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Excel\Security\BlockOleAutoActivate

    2. Office 2016, 2019, 2021, 365: Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\BlockOleAutoActivate

  3. Set the value to 0

  4. Restart Excel

To re-enable the OLE auto-activation block, set the registry value to 1. 

Learn more

Microsoft security help and learning

Microsoft Excel help and learning

Facebook LinkedIn Email

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×