In case you missed it, Microsoft
recently announced that its Internet Explorer
browser will begin blocking out-of-date ActiveX
controls starting September 9, 2014. This was originally supposed to go into effect tomorrow (August 12), though Microsoft decided to push things back a month to clear up customer confusion, and to give IT departments additional time to prepare.
Microsoft wants to create a more secure browser, and since ActiveX controls are a popular means of entry for malware, blocking outdated ones altogether seems to be the safest bet in Redmond's mind. That might not be the case if ActiveX controls were regularly updated, but that doesn't always happen, making out-of-date ActiveX controls a security risk when new ones are available.
"For example, according to the latest Microsoft Security Intelligence Report
, Java exploits represented 84.6 percent to 98.5 percent of exploit kit-related detections each month in 2013," Microsoft explained in a blog post. "These vulnerabilities may have been fixed in recent versions, but users may not know to upgrade."
This is why Microsoft has chosen to introduce a new security featured called out-of-date ActiveX control blocking. What this will do is let you know when IE prevents a website from loading common, but outdated ActiveX controls. You'll still be able to interact with other parts of the webpage, just not the parts affected by the outdated control.
According to Microsoft, only Oracle Java ActiveX controls will be affected when the update is rolled out in September -- all other ActiveX controls will continue their existing behavior. In addition, this feature won't affect applications that use out-of-date Java outside of IE.