Microsoft Gives ActiveX Reprieve to Some Customers

Users who are unprepared for changes that Microsoft has made to the way its Internet Explorer browser handles ActiveX can get a reprieve, the company said Wednesday.

The software vendor’s latest round of security patches, released Tuesday, alter the way that IE processes dynamic content like QuickTime or Java. The changes, made in response to a 2003 patent lawsuit loss to the University of California and Eolas Technologies, have forced developers to reprogram parts of their Web applications.

This has caused problems, in particular for users of commercial software that is accessed via Internet Explorer. Some versions of Oracle’s Web-based Siebel client, for example, were rendered inoperable by the changes. Most vendors have fixed their server software so that there is little disruption, but there may still be some applications that have problems. A list of those applications can be found here.

Microsoft has gradually been rolling these changes into various IE updates for several months now. Until yesterday, users who weren’t prepared could download a “compatibility patch” that would undo the ActiveX changes, but that compatibility patch is rendered inoperable by the latest IE security update.

However, Microsoft is providing some users with a reprieve, said Stephen Toulouse, a security program manager with Microsoft’s security response center.

“We’re urging those customers to contact their Microsoft technical account managers so we can look at what solutions they can provide,” said Toulouse. Microsoft can help in deploying the newer version of the Web application or it can extend the life of the compatibility patch, he said.

As with the earlier compatibility software, this patch is being delivered as a custom hot fix, which means it must be installed manually, said Jeff Centimano, an IT consultant based in Kansas City, Mo.

It is not being made public, but will be delivered to select customers who contact Microsoft, Toulouse said.

Although Microsoft has given users and software vendors months to prepare for these ActiveX changes, it has not been enough time for everyone, Centimano said. Some users have ended up blocking the latest IE security updates in order to keep their Web applications running, he added, a move that puts them at risk now that exploits have been published for the latest IE flaws.

“It would have been better if we’d had more time,” Centimano said. “But with IT people, unless you light a fire under them, they’re not going to take a hard look at their applications.”

-Robert McMillan, IDG News Service (San Francisco Bureau)

This article is posted on our Microsoft Informer page. For more news on the Redmond, Wash.-based powerhouse, keep checking in.

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.