Microsoft Security Advisory (912945)
Non-Security Update for Internet Explorer
Published: | Updated:
Microsoft Security Bulletin MS06-021 has been released and replaces Microsoft Security Bulletin MS06-013. The Compatibility Patch discussed in Microsoft Knowledge Base Article 917425 is also replaced by this security update. The changes to the way Internet Explorer handles ActiveX controls is made permanent by the updates included with Microsoft Security Bulletin MS06-021.
Microsoft originally released this security advisory discussing non-security update 912945 for Internet Explorer on February 28, 2006. This non-security update includes minor changes to how Internet Explorer handles some Web pages that use ActiveX controls and is being distributed to customers in phases. On Jan 9, 2006, Microsoft released this non-security update for Internet Explorer 6 for Windows XP Service Pack 2 to MSDN subscribers. On Feb 9, 2006 the same update became publicly available on MSDN. On February 28th it was distributed as a “recommended update” on Windows Update for Windows XP Service Pack 2 and for Windows Server 2003 Service Pack 1.
For the final phase of distribution, this non-security update is included in Microsoft Security Bulletin MS06-013, released on April 11, 2006. This security update replaces non-security update 912945 for Internet Explorer. For more information about this non-security update for Internet Explorer, see Microsoft Knowledge Base Article 912945.
Although most Internet sites have already prepared for the changes in the way that Internet Explorer handles some ActiveX controls, some enterprise customers have given feedback that more time is needed to ensure that corporate line-of-business applications are compatible with this change to Internet Explorer.
Compatibility Patch – To help enterprise customers who need more time to prepare for the ActiveX update changes discussed in Microsoft Knowledge Base Article 912945 and included in Microsoft Security Bulletin MS06-013, Microsoft is releasing a Compatibility Patch on April 11, 2006. As soon as it is deployed, the Compatibility Patch will temporarily return Internet Explorer to the previous functionality for handling ActiveX controls. This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent. This compatibility patch may require an additional restart for systems it is deployed on. For more information, see Microsoft Knowledge Base Article 917425.
General Information
Overview
Purpose of Advisory: To inform customers that the changes included with update 912945 are included in the Internet Explorer Cumulative Security update associated with Microsoft Security Bulletin MS06-013. The advisory also discusses the availability of a Compatibility Path that will temporarily return Internet Explorer to the previous functionality for handling ActiveX controls after the installation of the updates included with Microsoft Security Bulletin MS06-013.
| References | Identification |
|---|---|
| Microsoft Knowledge Base Article | 917425 |
| Microsoft Security Bulletin | MS06-013 |
| Microsoft Knowledge Base Article | 912812 |
| Microsoft Knowledge Base Article | 912945 |
This advisory discusses the following software
| Related Software |
|---|
| Internet Explorer 6 for Microsoft Windows XP Service Pack 2 |
| Internet Explorer for Microsoft Windows Server 2003 Service Pack 1 |
| Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 for Itanium-based Systems |
| Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition and Microsoft Windows XP Professional x64 Edition |
Frequently Asked Questions
What are the changes to the way ActiveX controls operate after the updates included with MS06-013 are applied?
With this update, customers can interact with Microsoft ActiveX controls that are loaded in certain Web pages only after they manually activate their user interfaces. They do this by clicking the user interface or by using the TAB key and the ENTER key.
These changes are included in the Microsoft Security Bulletin MS06-013 security updates for Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition family, and Windows Server 2003 with Service Pack 1 for Itanium-based Systems.
Why is Microsoft changing the behavior of ActiveX control in Internet Explorer?
This update to Internet Explorer technology relates to Microsoft’s involvement with the Eolas Technologies and the Regents of the University of California v. Microsoft patent case (Eolas versus Microsoft). Microsoft is releasing the update in phases to provide website developers with early access for testing and feedback on the new ActiveX functionality.
How is the Compatibility Patch 917425 released?
Update 917425 is available on the Download Center. For more information, see Microsoft Knowledge Base Article 917425.
Suggested Actions
Other Information
Resources:
- You can provide feedback by completing the form by visiting the following Web site.
- Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services. For more information about available support options, see the Microsoft Help and Support Web site.
- International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International Support Web site.
- The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.
Disclaimer:
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions:
- February 28, 2006: Advisory published.
- March 23, 2006: Advisory updated to highlight where customers can download the update.
- March 29, 2006: Advisory updated to indicate that this non-security update will be included with the IE security update, and that this next security update will address the issues detailed in Microsoft Security Advisory 917077. Also, the advisory has been updated to information customers that a Compatibility Patch will be created that will allow customers to temporarily return IE to the previous functionality for handling ActiveX controls.
- April 3, 2006: Advisory updated to clarify that the Compatibility Patch will be replaced in the June update cycle.
- April 11, 2006: Advisory updated to advise of the release of Microsoft Security Bulletin MS06-013 and the Compatibility Patch.
- June 13, 2006: Advisory updated to advise of the release of Microsoft Security Bulletin MS06-021.