RealTime IT News

Microsoft to Offer 2-Month ActiveX Reprieve

Next week's batch of Microsoft patches will do more than update security for Internet Explorer (IE). Patch Tuesday will include a 60-day reprieve for developers still adapting to a February upgrade of Internet Explorer 6.

This may be an admission that changes made to the way the browser handles ActiveX controls created some problems for Internet applications. The patent lawsuit by Eolas Technologies forced the changes to IE.

The non-security update to IE will include a compatibility patch, which offers a reprieve until June for enterprise customers that expressed the need for more time to adapt, Microsoft said Monday.

"As soon as it is deployed, the compatibility patch will temporarily return Internet Explorer to the previous functionality for handling ActiveX controls," according to the security advisory.

First released to developers Feb. 9 and then publicly through Windows Update Feb. 28, the update scheduled for April 11 will require IE users to manually enable ActiveX controls embedded in Web pages.

While new computers ship with the updated IE, Microsoft saw a need to give developers more time to adapt, according to the Microsoft Security Response Center blog.

While the software giant is providing Web sites a reprieve from the ActiveX changes, the company emphasizes the patch should be removed as soon as applications are fixed.

Microsoft will also release a security patch to address the createTextRange vulnerability, which became the basis for recently reported IE exploits last month.

The delay in patching the vulnerability has prompted a spate of third-party patches to fill the gap.