Microsoft Security Advisory (912945)
Non-Security Update for Internet Explorer
Published: | Updated:
Microsoft Security Bulletin MS06-021 has been released and replaces Microsoft Security Bulletin MS06-013. The Compatibility Patch discussed in Microsoft Knowledge Base Article 917425 is also replaced by this security update. The changes to the way Internet Explorer handles ActiveX controls is made permanent by the updates included with Microsoft Security Bulletin MS06-021.
Microsoft originally released this security advisory discussing non-security update 912945 for Internet Explorer on February 28, 2006. This non-security update includes minor changes to how Internet Explorer handles some Web pages that use ActiveX controls and is being distributed to customers in phases. On Jan 9, 2006, Microsoft released this non-security update for Internet Explorer 6 for Windows XP Service Pack 2 to MSDN subscribers. On Feb 9, 2006 the same update became publicly available on MSDN. On February 28th it was distributed as a “recommended update” on Windows Update for Windows XP Service Pack 2 and for Windows Server 2003 Service Pack 1.
For the final phase of distribution, this non-security update is included in Microsoft Security Bulletin MS06-013, released on April 11, 2006. This security update replaces non-security update 912945 for Internet Explorer. For more information about this non-security update for Internet Explorer, see Microsoft Knowledge Base Article 912945.
Although most Internet sites have already prepared for the changes in the way that Internet Explorer handles some ActiveX controls, some enterprise customers have given feedback that more time is needed to ensure that corporate line-of-business applications are compatible with this change to Internet Explorer.
Compatibility Patch – To help enterprise customers who need more time to prepare for the ActiveX update changes discussed in Microsoft Knowledge Base Article 912945 and included in Microsoft Security Bulletin MS06-013, Microsoft is releasing a Compatibility Patch on April 11, 2006. As soon as it is deployed, the Compatibility Patch will temporarily return Internet Explorer to the previous functionality for handling ActiveX controls. This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent. This compatibility patch may require an additional restart for systems it is deployed on. For more information, see Microsoft Knowledge Base Article 917425.
- You can provide feedback by completing the form by visiting the following Web site.
- Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services. For more information about available support options, see the Microsoft Help and Support Web site.
- International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International Support Web site.
- The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- February 28, 2006: Advisory published.
- March 23, 2006: Advisory updated to highlight where customers can download the update.
- March 29, 2006: Advisory updated to indicate that this non-security update will be included with the IE security update, and that this next security update will address the issues detailed in Microsoft Security Advisory 917077. Also, the advisory has been updated to information customers that a Compatibility Patch will be created that will allow customers to temporarily return IE to the previous functionality for handling ActiveX controls.
- April 3, 2006: Advisory updated to clarify that the Compatibility Patch will be replaced in the June update cycle.
- April 11, 2006: Advisory updated to advise of the release of Microsoft Security Bulletin MS06-013 and the Compatibility Patch.
- June 13, 2006: Advisory updated to advise of the release of Microsoft Security Bulletin MS06-021.