IE To Block Outdated Silverlight Plug-ins Next Month

Microsoft provided some news today about its Internet Explorer ActiveX blocking feature, including future support for blocking outdated Silverlight plug-ins.

ActiveX blocking is an IE security feature in that took effect on Sept. 9. It's been limited, so far, to acting on outdated Oracle Java ActiveX installations in IE. Users of the IE browser get a warning message that the old Java ActiveX control was blocked. They can then choose to either update the ActiveX control or run the control that was blocked (something that's not recommended by Microsoft). The problem with running outdated ActiveX controls is that they can be subject to malware exploits.

Many organizations may be just starting to get their feet wet with using the ActiveX blocking feature, but Microsoft is gradually expanding its scope. For instance, ActiveX blocking will be expanded to block outdated Silverlight plug-ins, starting on Nov. 11, 2014, Microsoft announced today. Silverlight is a browser plug-in that enables multimedia content on browsers. The ActiveX blocking feature will alert an IE browser user if they are running Silverlight plug-ins older than version 5.1.30514.0.

Microsoft's announcement also noted that ActiveX blocking currently does not work with IE 9 on Windows Vista Service Pack 2 or Windows Server 2008 Service Pack 2. Support for IE 9 ActiveX blocking on those operating systems is expected to be in effect on Nov. 11, 2014.

ActiveX blocking can be problematic for organizations running older Web applications on company intranets. Consequently, Microsoft has disabled ActiveX blocking for applications listed in IE's Local Intranet Zone and its Trusted Sites Zone. There are also Group Policy controls that can be used to control ActiveX blocking. It can even be turned off, if wanted.

Microsoft describes those ActiveX blocking details for IT pros in this TechNet article.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Google IDs on Azure Active Directory B2B Service Now at 'General Availability'

    Microsoft announced on Wednesday that users of the Google identity and access service can use their personal log-in IDs with the Azure Active Directory B2B service to access resources as "guests."

  • Top 4 Overlooked Features of a Data Backup Strategy

    When it comes to implementing an airtight backup-and-recovery plan, these are the four must-have features that many enterprises nevertheless tend to forget.

  • Microsoft Bolsters Kubernetes with Azure Confidential Computing

    Microsoft on Tuesday announced various developments concerning the use of Kubernetes, an open source container orchestration solution fostered by Google.

  • Windows Will Have Support for Encrypted DNS

    Microsoft announced this week that the Windows operating system already has support for an encrypted Domain Name System option that promises to add greater privacy protections for Internet connections.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.