Microsoft to Offer 2-Month ActiveX Reprieve

Next week’s batch of Microsoft patches will do more than update security for Internet Explorer (IE). Patch Tuesday will include a 60-day reprieve for developers still adapting to a February upgrade of Internet Explorer 6.

This may be an admission that changes made to the way the browser handles ActiveX controls created some problems for Internet applications. The patent lawsuit by Eolas Technologies forced the changes to IE.

The non-security update to IE will
include a compatibility patch, which offers a reprieve until June for
enterprise customers that expressed the need for more time to adapt, Microsoft said Monday.

“As soon as it is deployed, the compatibility patch will temporarily
return Internet Explorer to the previous functionality for handling
ActiveX controls,” according to the security advisory.

First released to developers Feb. 9 and then publicly through Windows
Update Feb. 28, the update scheduled for April 11 will require IE users
to manually enable ActiveX controls embedded in Web pages.

While new
computers ship with the updated IE, Microsoft saw a need to give
developers more time to adapt, according to the Microsoft Security Response Center blog.

While the software giant is providing Web sites a reprieve
from the ActiveX changes, the company emphasizes the patch should be
removed as soon as applications are fixed.

Microsoft will also release a security
patch to address the createTextRange vulnerability, which became the
basis for recently reported IE exploits last month.

The delay in patching the vulnerability has prompted a spate of third-party patches to fill the gap.

News Around the Web