rvlsoft - Fotolia

Manage Learn to apply best practices and optimize your operations.

How can outdated ActiveX controls be blocked?

Outdated ActiveX controls can pose serious security risks. Enterprise threats expert Nick Lewis discusses how to block them in the enterprise.

In its August 2014 update, Microsoft released an Internet Explorer update that allows for old, insecure ActiveX controls to be blocked. How does it work, and how should we configure it in our organization?

Blocking outdated browser plug-ins is one of the new security features many popular browsers have added to prevent the browser from being used in an attack on end users. Some browsers are blocking old versions of Adobe Flash or the Java Runtime Environment; now Internet Explorer is adding functionality to block outdated ActiveX controls that are insecure.

Microsoft previously released manual "Fix its" and other guidance to disable insecure ActiveX controls, but the company disabling these controls itself is the next step. While Microsoft, Apple, Mozilla and Google could delete old, insecure versions of Flash, Java, ActiveX controls or other installed software, this could have negative repercussions for enterprises that require these versions. Plus, an enterprise might have implemented other security controls to compensate for these required insecure applications.

Microsoft security bulletin MS14-051 included functionality to block outdated ActiveX controls. Microsoft stated in its blog post that the new functionality can be managed by adding approved URLs with old, insecure ActiveX controls to the intranet or Trusted Sites zone in IE, which allows enterprises to centrally manage this functionality.

Enterprises should test their ActiveX controls to see if they are using the old, insecure versions. Enterprises that must allow outdated ActiveX controls should pressure their vendors to update the control to prevent it from being used maliciously. Such organizations should also implement security controls such as application virtualization, sandboxes or whitelisting to compensate for these required insecure applications.

Ask the Expert!
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now! (All questions are anonymous.)

Next Steps

Learn more about the dangers of ActiveX controls and how to prevent ActiveX security threats.

This was last published in March 2015

Dig Deeper on Microsoft Windows security