August 13th, 2014, 19:45 PM
Microsoft Delays ActiveX Blocking In IE
Microsoft has delayed its plans to block out-of-date ActiveX controls in Internet Explorer (IE). Originally slated to take effect this week, the change will now go live on the company's next "Patch Tuesday," which falls on September 9. Microsoft altered its plans following customer complaints, one of several recent instance in which user feedback has visibly affected the company's actions.
In a blog post, Microsoft confirmed that the ActiveX blocking feature was included in the August IE Cumulative Security Update, but that it will not block any content for thirty days. ActiveX controls are add-ons that allow websites to display certain types of content, such as animations, and various interactive features. Not all ActiveX controls are kept up-to-date, however, and even among those that have been updated, current versions don't always find their ways to users. Microsoft plans to block old ActiveX controls because cybercriminals can exploit unpatched flaws to spy on the user, install malware, or even remotely take control of the machine.
Microsoft originally indicated it would widely block out-of-date Active X controls, but when it announced this week that it had postponed its plans, the company said it will deny only Oracle Java ActiveX -- at least for now. "We are initially flagging older versions of Java, but over time will add other outdated ActiveX controls to the list," the company said in a second blog post.