27 April, 2006

ActiveX Control Change in IE: Release Date and More

Microsoft has made this rather confusing. If you support Windows with Internet Explorer or are a web application developer, read on; if not, skip to the last line.

The way I read security Bulletin MS06-013, the change has already been released, but a patch in IE is keeping it from being active. As quoted in the bulletin, "This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent."

This is also taken from the bulletin:
Some of the important modifications include the following:
  • Security level for the Internet zone is set to High. This setting disables scripts, ActiveX controls, Microsoft Java Virtual Machine (MSJVM), and file downloads.
  • Automatic detection of intranet sites is disabled. This setting assigns all intranet Web sites and all Universal Naming Convention (UNC) paths that are not explicitly listed in the Local intranet zone to the Internet zone.
  • Install On Demand and non-Microsoft browser extensions are disabled. This setting prevents Web pages from automatically installing components and prevents non-Microsoft extensions from running.
  • Multimedia content is disabled. This setting prevents music, animations, and video clips from running.
In addition to the security bulletin, Microsoft also has a TechNote: MS06-013: Cumulative security update for Internet Explorer. The TechNote talks about some potential issues with:
  • Siebel 7
  • Java Platform, Standard Edition 1.3, or 1.4
  • WMV HD DVD
  • Unexpected page load
There are two references to page load issues, 909889 and 909738, with solutions that include registry changes.

If you're still with me, and you have not tried Firefox yet, this would be a good time.

No comments: