To help protect your security and privacy, Microsoft Office is configured by default to block external content—such as images, linked media, hyperlinks, and data connections—in workbooks and presentations. Blocking external content helps to prevent Web beacons and other intrusive methods that hackers use to invade your privacy and lure you into running malicious code without your knowledge or consent.
What is external content, and why are Web beacons a potential threat?
External content is any content that is linked from the Internet or an intranet to a workbook or presentation. Some examples of external content are images, linked media, data connections, and templates.
Hackers can use external content as Web beacons. Web beacons send back, or beacon, information from your computer to the server that hosts the external content. Types of Web beacons include the following:
-
Images A hacker sends a workbook or presentation for you to review that contains images. When you open the file, the image is downloaded and information about the file is beaconed back to the external server.
-
Images in Outlook e-mail messages Microsoft Office has its own mechanism for blocking external content in messages. This helps to protect against Web beacons that could otherwise capture your email address. For more information, see Block or unblock automatic picture downloads in email messages.
-
Linked media A hacker sends you a presentation as an attachment in an email message. The presentation contains a media object, such as a sound, that is linked to an external server. When you open the presentation in Microsoft PowerPoint, the media object is played and in turn executes code that runs a malicious script that harms your computer.
-
Data connections A hacker creates a workbook and sends it to you as an attachment in an email message. The workbook contains code that pulls data from or pushes data to a database. The hacker does not have permissions to the database, but you do. As a result, when you open the workbook in Microsoft Excel, the code executes and accesses the database by using your credentials. Data can then be accessed or changed without your knowledge or consent.
How does the Trust Center help protect me from external content?
If there are external data connections present in your workbook or presentation, when you open the file a business bar notifies you that the external content has been disabled.
Click Enable Content on the business bar if you want to unblock the external content. To learn how to make a secure decision before clicking an option, see the next section.
What should I do when a security warning asks if I want to enable or disable external content?
When a security dialog box appears, you have the option to enable the external content or to leave it blocked. You should only enable the external content if you are sure that it is from a trustworthy source.
Important: If you are sure that the external content in a workbook or presentation is trustworthy, and if you do not want to be notified about this specific external content again, instead of changing the default Trust Center settings to a less safe security level, it is better to move the file to a trusted location. Files in trusted locations are allowed to run without being checked by the Trust Center security system.
Change external content settings for Excel in the Trust Center
External content security settings are located in the Trust Center for Microsoft Excel only. You cannot change external content settings globally for Microsoft PowerPoint in the Trust Center.
If you work in an organization, your system administrator might already have changed the default settings, and this might prevent you from changing any settings yourself. Following are the different external content settings for Excel in the Trust Center.
Change settings for Data Connections
-
In Excel, click the File tab.
-
Click Options > Trust Center > Trust Center Settings, and then click External Content.
-
Click the option that you want under Security settings for Data Connections:
-
Enable all Data Connections (not recommended) Click this option if you want to open workbooks that contain external data connections and to create connections to external data in the current workbook without receiving security warnings. We don't recommend this option, because connections to an external data source that you are not familiar with can be harmful, and because you do not receive any security warnings when you open any workbook from any location. Use this option only when you trust the data sources of the external data connections. You may want to select this option temporarily, and then return to the default setting when you no longer need it.
-
Prompt user about Data Connections This is the default option. Click this option if you want to receive a security warning whenever a workbook that contains external data connections is opened, and whenever an external data connection is created in the current workbook. Security warnings give you the option of enabling or disabling data connections for each workbook that you open on a case-by-case basis.
-
Disable all Data Connections Click this option if you don't want any external data connections to be enabled in the current workbook. When you choose this option, no data connection in any workbook that you open is ever connected. If you create new external data connections after opening a workbook, those data connections are not enabled when you open the workbook again. This is a very restrictive setting, and may cause some functionality not to work as expected.
-
Change settings for Workbook Links
-
In Excel, click the File tab.
-
Click Options > Trust Center > Trust Center Settings, and then click External Content.
-
Click the option that you want under Security settings for Workbook Links:
-
Enable automatic update for all Workbook Links (not recommended) Click this option if you want links to data in another workbook to be updated automatically in the current workbook without receiving a security warning. We don't recommend this option, because automatically updating links to data in workbooks that you are not familiar with can be harmful. Use this option only when you trust the workbooks that the data is linked to. You may want to select this option temporarily, and then return to the default setting when you no longer need it.
-
Prompt user on automatic update for Workbook Links This is the default option. Click this option if you want to receive a security warning whenever you run automatic updates in the current workbook for links to data in another workbook.
-
Disable automatic update of Workbook Links Click this option if you don't want links in the current workbook to data in another workbook to be updated automatically.
-
Change settings for Linked Data Types
When you create Linked data types, Excel connects to an online data source and returns detailed information about certain values, such as company stocks or geographies. For instance, converting the word Microsoft to a linked data type will return information about the Microsoft Corporation, such as location, number of employees, stock price, and so on.
-
In Excel, click the File tab.
-
Click Options > Trust Center > Trust Center Settings, and then click External Content.
-
Click the option that you want under Security settings for Linked Data Types:
-
Enable all Linked Data Types (not recommended) Click this option if you want to create linked data types without receiving a security warning. The data for linked data types is currently provided through Microsoft, but as with all external data, you should only choose this option if you trust the data source. You may want to select this option temporarily, and then return to the default setting when you no longer need it.
-
Prompt user about Linked Data Types This is the default option. Click this option if you want to receive a security warning whenever you create linked data types.
-
Disable automatic update of Linked Data Types Click this option if you don't want to enable linked data types..
-
Change settings for Dynamic Data Exchange
Dynamic Data Exchange (DDE) is an older Microsoft technology that transfers data between applications.
-
In Excel, click the File tab.
-
Click Options > Trust Center > Trust Center Settings, and then click External Content.
-
Click the option that you want under Security settings for Dynamic Data Exchange:
-
Enable Dynamic Data Exchange Server Lookup Check this option if you want to enable Dynamic Data Exchange server lookup. If this option is checked, DDE servers that are already running will be visible and usable. By default, this option is checked.
-
Enable Dynamic Data Exchange Server Launch (not recommended) Check this option if you want to enable Dynamic Data Exchange server launch. If this option is checked, Excel will start DDE servers that are not already running and allow data to be sent out of Excel. For security reasons, it is recommended that you leave this box unchecked. By default, this option is unchecked.
Change settings for opening Microsoft Query files (.iqy, .oqy, .dqy, and .rqy) from an untrusted source
Using Microsoft Query, you can connect to external data sources, select data from those external sources, import that data into your worksheet, and refresh the data as needed to keep your worksheet data synchronized with the data in the external sources.
-
In Excel, click the File tab.
-
Click Options > Trust Center > Trust Center Settings, and then click External Content.
-
There is only one option:
-
Always block the connection of untrusted Microsoft Query files (.iqy, .oqy, .dqy, and .rqy) Check this option if you want to block connections to Microsoft Query files.
Need more help?
You can always ask an expert in the Excel Tech Community, get support in the Answers community, or suggest a new feature or improvement on Excel User Voice.
No comments:
Post a Comment