ie8icon1Microsoft plans to release an update for Internet Explorer that will fix a security threat which has plagued the browser for years.  Originally planned for release on August 12th, the security fix will block out-of-date ActiveX controls and reduce the threat of Java based malware intrusions.  Microsoft has revealed that while the feature and related Group Policies will still be available on August 12, no out-of-date ActiveX controls will be blocked until Tuesday, September 9th.

Java is one of the most commonly exploited applications that can be installed on a computer.  In fact, Cisco’s most recent security audit report found that 91% of all web-based exploits in 2013 took advantage of Java vulnerabilities. New versions of Java are released regularly but studies have shown that it is one of the most neglected and infrequently updated applications across both PC and Mac platforms.  Outdated Java ActiveX controls are security threats because malware writers commonly use hacked websites to target the security flaws contained within the controls. Once the hackers have exploited the outdated controls, they can begin to harvest data, install damaging software, or take control of your computer.

The Internet Explorer update will feature Out-of-date ActiveX control blocking which lets you:

  • Know when Internet Explorer prevents a Web page from loading common, but outdated, ActiveX controls.
  • Interact with other parts of the Web page that aren’t affected by the outdated control.
  • Update the outdated control, so that it’s up-to-date and safer to use.
  • Inventory the ActiveX controls your organization is using.

The September update will be available for Internet Explorer versions 8 through 11.  While this update is greatly appreciated it should be noted that Internet Explorer is still behind when it comes to internet browser security.  Both Firefox and Chrome have previously implemented extensive security restrictions on Java that automatically block many versions of the troublesome plugin.  Still, this is definitely a step in the right direction and it’s nice to see Microsoft adding measures to better secure their platform.

– Richard Keene
IT Computer Support of New York
Webmaster and Lead Designer