Microsoft Offers More Time on Eolas Changes

Corporate developers who are not ready for an upcoming Internet Explorer update are getting a reprieve.

The next security update for Internet Explorer, expected by April 11, is scheduled to include changes to the way ActiveX processes dynamic content. These changes will force developers to make changes to their websites and intranets, but Microsoft said Wednesday that it now plans to also release a second “compatibility patch” that will undo the ActiveX changes.

Without the compatibility patch, programmers must make changes to their server software. Otherwise, Internet Explorer will force users to click on a pop-up “tool tip” dialog box before being able to interact with things like Flash or QuickTime.

The compatibility patch will allow users to avoid the tool tip boxes on sites that have not made the changes, but only for a limited time.

“This patch will function until the June IE security update is released at which time the changes to ActiveX are permanent,” said Microsoft’s public relations agency in an e-mail statement. That update is scheduled to be released June 13.

Microsoft is making the ActiveX changes in order to comply with a 2003 ruling against the company that found it had violated a patent held by Eolas Technologies and the University of California. Though Microsoft is appealing this ruling, and challenging the validity of the patent with the U.S. Patent Office, Microsoft still must make the changes or risk being found in contempt of court.

Though website operators and corporate developers are facing headaches, these changes will amount to little more than an annoyance for most IE users. They will not actually prevent Flash or QuickTime from running, but simply add the extra step of clicking on the tool tip.

The compatibility patch will be of more use to corporate IT departments than website operators, because corporate shops will be in a position to control whether their users install the software.

“While most Internet sites have already prepared for the ActiveX changes, some enterprise customers have given feedback that more time is needed to ensure applications are compatible with the ActiveX changes,” the Microsoft statement said.

This next security update will be an important one, as it will also fix an unpatched vulnerability in Internet Explorer that hackers have been exploiting for a number of days now. This bug, which relates to the way Internet Explorer processes webpages using the createTextRange() method, is considered critical because it can be exploited by hackers to run unauthorized software on a victim’s machine.

-Robert McMillan, IDG News Service

(Elizabeth Montalbano, also of the IDG News Service, contributed to this story.)

For related news coverage, read Eolas Changes to Go Widespread With Next IE Update.

This article is posted on our Microsoft Informer page. For more news on the Redmond, Wash.-based powerhouse, keep checking in.

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.