Earlier this month, Microsoft announced that with its Patch Tuesday update, it would start allowing Internet Explorer to block outdated ActiveX controls. However, with today’s update, instead of blocking the said elements, the company has provided users with 30 more days — until September — before it will automatically start squashing ActiveX controls.
Internet Explorer will soon start using a Microsoft-hosted file called versionlist.xml and determine whether an ActiveX control should be allowed to run. This will allow the browser to block elements like Java if it finds it to be vulnerable.
The company has now stated that it will offer this security feature, known as “out-of-date ActiveX control blocking” for Internet Explorer in September. Furthermore, Microsoft says that it will first start with blocking outdated Java files, and soon look into other vulnerable bodies.
Apparently the delay is because of customer feedback — people needed more time. The company says it is delaying the process “in order to give customers time to test and manage their environments.” When the feature will arrive on IE, it will allow users to manipulate ActiveX controls and deploy Group Policies to enable them to block ActiveX controls for a specific domain, or for all domains.
As of today, the related Group Policies still remain unaffected, however that will change come Tuesday, September 9th.Further reading: ActiveX, Internet Explorer, Microsoft