Outdated browser plugins are a huge security risk on today's Internet. While some companies have started to block outdated plugins and insecure ones, others have not done so until now.
Microsoft just announced that it will implement changes to Internet Explorer browsers on Windows 7 and newer operating systems that will block some ActiveX controls that are out of date.
To be precise, Microsoft will only block select Java versions using the new security feature. According to the company, Java exploits represented more than 84% of "exploit kit-related detections each month in 2013" making it a high profile target for Microsoft.
The new feature that Microsoft will launch August 12 prevents web pages from loading ActiveX controls that Microsoft has added to a blocklist.
The following controls are affected by this at the time of writing
Internet Explorer displays a notification to the user when a request to run the control is blocked by the browser.
Java(TM) was blocked because it is out of date and needs to be updated.
Options displayed to users include updating Java or to run the control this time. The notification looks different when Internet Explorer 8 is used but makes available the same functionality.
A click on update loads the control's website, in this case the Java website, where the latest version of the software can be downloaded from.
The new blocking feature will launch for Internet Explorer users on Window 7 or newer. On Windows 8, it is only available for desktop versions of the browser as Java cannot be run in the Start Screen version of it.
Requests are only blocked in some zones such as the Internet Zone. Contents won't be blocked in the Local Intranet Zone or the Trusted Sites Zone.
Group Policy Controls
Microsoft has added new Group Policy options to provide better control of the feature in managed environments. Four new Group Policy settings are being made available:
The implementation of the feature is a step in the right direction. While it makes sense to start with the plugin or control that is exploited the most, it is likely that Microsoft will add other ActiveX controls to the blocklist in the future to protect users further.Advertisement
If you like our content, and would like to help, please consider making a contribution: