In its August 2014 update, Microsoft released an Internet Explorer update that allows for old, insecure ActiveX controls to be blocked. How does it work, and how should we configure it in our organization?
Blocking outdated browser plug-ins is one of the new security features many popular browsers have added to prevent the browser from being used in an attack on end users. Some browsers are blocking old versions of Adobe Flash or the Java Runtime Environment; now Internet Explorer is adding functionality to block outdated ActiveX controls that are insecure.
Microsoft previously released manual "Fix its" and other guidance to disable insecure ActiveX controls; having the company disable these controls itself is the next step. While Microsoft, Apple, Mozilla and Google could delete old, insecure versions of Flash, Java, ActiveX controls or other installed software, this could have negative repercussions for enterprises that require these versions. Plus, an enterprise might have implemented other security controls to compensate for these required insecure applications.
Microsoft security bulletin MS14-051 included functionality to block outdated ActiveX controls. Microsoft stated in its blog post that the new functionality can be managed by adding approved URLs with old, insecure ActiveX controls to the intranet or Trusted Sites zone in IE, which allows enterprises to centrally manage this functionality.
Enterprises should test their ActiveX controls to see if they are using the old, insecure versions. Enterprises that must allow outdated ActiveX controls should pressure their vendors to update the control to prevent it from being used maliciously. Such organizations should also implement security controls such as application virtualization, sandboxes or whitelisting to compensate for these required insecure applications.
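Because exemptions are granted by zone membership, it helps to know which sites a machine already places in the intranet or Trusted Sites zone. The PowerShell below is an added example, not code from this article or from Microsoft; it reads the standard IE zone-mapping registry locations, and the function name `Get-ExemptZoneSite` is a hypothetical helper.

```powershell
# Added example: report sites explicitly mapped to Local intranet (1) or
# Trusted Sites (2), the zones the article says bypass ActiveX blocking.
$zoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted Sites' }

# Per-user, per-machine and Group Policy copies of the Internet Settings key.
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-ExemptZoneSite {
    foreach ($root in $roots) {
        # ZoneMap\Domains\<domain>[\<subdomain>]: value name = scheme, DWORD = zone.
        $domains = Join-Path $root 'ZoneMap\Domains'
        if (Test-Path $domains) {
            foreach ($key in Get-ChildItem -Path $domains -Recurse) {
                [string[]]$parts = ($key.Name -split '\\Domains\\', 2)[1] -split '\\'
                [array]::Reverse($parts)          # example.com\www -> www.example.com
                foreach ($scheme in $key.GetValueNames()) {
                    $zone = $key.GetValue($scheme)
                    if ($zone -is [int] -and $zoneNames.ContainsKey($zone)) {
                        [pscustomobject]@{ Source = $root; Site = $parts -join '.'
                                           Scheme = $scheme; Zone = $zoneNames[$zone] }
                    }
                }
            }
        }
        # "Site to Zone Assignment List" policy: value name = site, string data = zone.
        $list = Join-Path $root 'ZoneMapKey'
        if (Test-Path $list) {
            $key = Get-Item -Path $list
            foreach ($site in $key.GetValueNames()) {
                $zone = 0
                if ([int]::TryParse([string]$key.GetValue($site), [ref]$zone) -and
                    $zoneNames.ContainsKey($zone)) {
                    [pscustomobject]@{ Source = $root; Site = $site
                                       Scheme = '-'; Zone = $zoneNames[$zone] }
                }
            }
        }
    }
}

Get-ExemptZoneSite | Sort-Object Zone, Site | Format-Table -AutoSize
```

The report covers explicit mappings only; sites that fall into the Local intranet zone through automatic intranet detection do not appear in these keys and need to be reviewed separately.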
Ask the Expert!
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now! (All questions are anonymous.)