14 DAY TRIAL // This month’s Patch Tuesday is going to be a really critical moment for Microsoft users, not only because the company is going to introduce the new Windows 8.1 August Update, but also due to a major security update that’s going to be shipped to those running Internet Explorer on their computers.
Starting August 12, Internet Explorer will block out of date ActiveX controls, including old versions of Java that have until now exposed users and allowed a number of vulnerabilities to be exploited by cybercriminals online.
In a blog post published this morning, Microsoft cites its latest Security Intelligence Report to reveal that Java security glitches accounted for 84.6% to 98.5% of exploit kit-related detections each month in 2013, emphasizing that blocking out of date ActiveX controls is vital for users’ security.
Internet Explorer 8 through 11 on Windows 7 SP1, Internet Explorer 10 and 11 for the desktop on Windows 8 and 8.1 will prevent these controls from running starting August 12, the company says.
The following Java versions will be blocked:
J2SE 1.4, everything below (but not including) update 43 J2SE 5.0, everything below (but not including) update 71 Java SE 6, everything below (but not including) update 81 Java SE 7, everything below (but not including) update 65 Java SE 8, everything below (but not including) update 11
ActiveX controls, which have been around for a while in Microsoft’s in-house browser, are small apps that provide enhanced content when loading websites. While they do come in handy, ActiveX controls have also been used to exploit specific vulnerabilities in the browser, thus exposing users and their data.
Microsoft has developed a very simple yet powerful mechanism to block out of date controls, using a versionlist.xml file hosted on its servers to determine whether a specific item should be blocked or not. Every time you load a website, Internet Explorer retrieves information from this list to see whether any action is required or not. The company promises to update this list regularly, so new ActiveX controls will be added soon.
Whenever an ActiveX control is blocked by Internet Explorer, users are provided with a notification telling that the item “was blocked because it is out of date and needs to be updated.” There are two options available, namely “update” and “run this time,” with the latter obviously posing a bigger security risk to users because of the lack of updates.
As usual, Microsoft is recommending users to update to the latest versions of Internet Explorer, which are capable of providing enhanced protection against these old ActiveX controls, but also a higher overall security level when browsing the web.
Unfortunately, statistics show that Internet Explorer 8 is still being used by 21 percent of the desktop computers worldwide, so Microsoft still has a very long way to go to convince users to update.