News

IE To Block Outdated Silverlight Plug-ins Next Month

Microsoft provided some news today about its Internet Explorer ActiveX blocking feature, including future support for blocking outdated Silverlight plug-ins.

ActiveX blocking is an IE security feature in that took effect on Sept. 9. It's been limited, so far, to acting on outdated Oracle Java ActiveX installations in IE. Users of the IE browser get a warning message that the old Java ActiveX control was blocked. They can then choose to either update the ActiveX control or run the control that was blocked (something that's not recommended by Microsoft). The problem with running outdated ActiveX controls is that they can be subject to malware exploits.

Many organizations may be just starting to get their feet wet with using the ActiveX blocking feature, but Microsoft is gradually expanding its scope. For instance, ActiveX blocking will be expanded to block outdated Silverlight plug-ins, starting on Nov. 11, 2014, Microsoft announced today. Silverlight is a browser plug-in that enables multimedia content on browsers. The ActiveX blocking feature will alert an IE browser user if they are running Silverlight plug-ins older than version 5.1.30514.0.

Microsoft's announcement also noted that ActiveX blocking currently does not work with IE 9 on Windows Vista Service Pack 2 or Windows Server 2008 Service Pack 2. Support for IE 9 ActiveX blocking on those operating systems is expected to be in effect on Nov. 11, 2014.

ActiveX blocking can be problematic for organizations running older Web applications on company intranets. Consequently, Microsoft has disabled ActiveX blocking for applications listed in IE's Local Intranet Zone and its Trusted Sites Zone. There are also Group Policy controls that can be used to control ActiveX blocking. It can even be turned off, if wanted.

Microsoft describes those ActiveX blocking details for IT pros in this TechNet article.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Changes Privacy Platform Name to SmartNoise

    Microsoft Research has changed the name of its "differential privacy" platform from "WhiteNoise" to "SmartNoise," according to a Wednesday announcement.

  • Why Restarting a Failed SCVMM Job Might Be a Bad Idea

    Occasionally, restarting a failed System Center Virtual Machine Manager job can leave your virtualization infrastructure in an unknown state. Here's how to avoid that.

  • Microsoft Starts Delivery of Latest Windows 10 Feature Update to Surface Hub 2S Devices

    Microsoft last week announced that users of Surface Hub 2S videoconference screens soon will be getting the latest Windows 10 feature update.

  • Microsoft Joins MEF To Bolster Azure for Operators Services

    Microsoft has joined the MEF, a nonprofit industry association that aims to standardize various software-defined networking (SDN) technologies used by service providers and enterprises.

comments powered by Disqus