As part of Microsoft's ongoing effort to improve the security of its Internet Explorer browser, the company has started blocking outdated ActiveX plugins from being enabled.
ActiveX controls have been a feature of Internet Explorer for a very long time and help in enabling interactive content through the browser. Most third-party plugins such as Adobe Flash and Java make use of ActiveX to present content. However, it has been observed that these controls often have security vulnerabilities which can be exploited by hackers. Recently, Microsoft has started working on making IE secure and is now shifting its focus towards third-party plugins which can compromise the browser.
According to Microsoft, Java exploits comprised 84.6% to 98.5% vulnerabilities throughout 2013. Although, the plugins have been updated to fix the vulnerabilities, users sometimes ignore the updates, leaving the system at risk.
In order to prevent such security risks, Microsoft will start blocking outdated ActiveX controls starting August 12th on the following platforms:
- Windows 7 SP1 with IE8+
- Windows 8 with IE11 for the desktop
Trusted network zones and local intranet will be excluded from the blacklist and controlled test environments can install the controls as well. A complete list of the outdated ActiveX controls has been published by Microsoft. Server administrators should check out the documentation provided at source.
Source: MSDN Blogs | Image via Microsoft