In the wake of a recent security report that threw light on Internet Explorer falling prey to the maximum number of security vulnerabilities during the first half of 2014, Microsoft has now announced that it will begin blocking outdated and old ActiveX controls within IE, via a new security feature called 'out-of-date ActiveX control blocking.'
However, IE users will need to wait till 12 August, as the Redmond-based company has stated that it will block inappropriate ActiveX controls via an update which is slated to be made available starting 'Patch Tuesday'.
"As part of our ongoing commitment to delivering a more secure browser, starting August 12th Internet Explorer will block out-of-date ActiveX controls," stated Microsoft, in an official blog post.
Blocking ancient Java versions
Initially, Microsoft will start blocking Java which is tipped as the most vulnerable ActiveX control. Running the correct version of Java should be accorded the highest significance, as according to a recent security analysis, around 47% of IE users were found to use outdated Java versions, thus putting them at an enhanced security risk.
Also, Microsoft's own 'Security Intelligence' report has found Java related exploits formed a majority of security attacks. These attacks are targeted at Windows users across the globe.
"We are initially flagging older versions of Java, but over time will add other outdated ActiveX controls to the list," states Microsoft.
Windows versions for which Microsoft's latest out-of-date ActiveX control blocking is applicable:
Users of Microsoft's Windows 7 Service Pack 1 (SP1) are covered under the company's outdated Active-X controls blocker initiative.
This initiative is applicable to Internet Explorer versions starting from IE 8 through IE11, on Windows 7 SP1.
Also, Windows 8 (and above) desktop customers come under the ambit of Microsoft's 'Outdated Active-X plugin blocker'.
Features of the Microsoft out-of-date Active-X control blocker:
- Alerts users when Internet Explorer prevents a Web page from loading common, but outdated, ActiveX controls.
- Users can interact with other parts of the Web page that aren't affected by the outdated control.
- Users will be able to update the outdated control, so that it is up-to-date and safer to use.
Interface of the out-of-date ActiveX control blocker
Once the ActiveX control update settles on a computer, users should get a default notification (similar to Google Chrome), that issues an alert about an outdated ActiveX control. Check the screenshots below:
Users will have options to either update the outdated ActiveX control, or continue with the outdated plugin by trespassing the warning (about the outdated plugin).
To update an outdated control, users can click 'Update' from the list of options that is provided in the notification bar.
"Clicking "update" will take you to the control's Web site to download its latest version. Optionally, in managed environments, IT can configure the feature to block—and not just warn—a user from running out-of-date ActiveX controls," add engineers at Microsoft.
In tandem with the above notification, IE users will also be provided with a security warning whenever a web page launches specific outdated applications, outside of the IE web browser.
Time for Windows XP users to upgrade
With Microsoft having announced that it will supply the out-of-date ActiveX blocker update to recent versions of IE, users on Windows XP (comprising nearly 25% worldwide) preferring to go online via IE (XP does not support latest IE versions now) are not eligible to receive the out-of-date ActiveX blocker.