October 2014 updates and a preview of changes to out-of-date ActiveX control blocking
This post describes the October updates for Internet Explorer that we are releasing today and provides a preview of updates to out-of-date ActiveX control blocking coming in November 2014.
October Updates
Microsoft Security Bulletin MS14-056 - This critical security update resolves one publicly disclosed vulnerability and fourteen privately reported vulnerabilities in Internet Explorer. For more information see the full bulletin.
Security Update for Flash Player (3001237) - This security update for Adobe Flash Player in Internet Explorer 10 and 11 on supported editions of Windows 8, Windows 8.1 and Windows Server 2012 and Windows Server 2012 R2 is also available. The details of the vulnerabilities are documented in Adobe security bulletin APSB11-22. This update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash binaries contained within Internet Explorer 10 and Internet Explorer 11. For more information, see the advisory.
Updates to out-of-date ActiveX control blocking coming in November
As we shared back in September, and as part of our ongoing commitment to delivering a more secure browser, we want to help you stay up-to-date with the latest versions of popularly installed ActiveX controls. Today, we’d like to share two exciting updates to the out-of-date ActiveX control blocking feature: updates to our supported operating system and browser combinations and out-of-date Silverlight blocking.
Out-of-date ActiveX control blocking on Windows Vista SP2 and Windows Server 2008 SP2
Beginning January 12, 2016, we’re going to support the following operating system and browser combinations (for more info, see this announcement):
| Windows operating system | Internet Explorer version |
| Windows Vista SP2 | Internet Explorer 9 |
| Windows Server 2008 SP2 | Internet Explorer 9 |
| Windows 7 SP1 | Internet Explorer 11 |
| Windows Server 2008 R2 SP1 | Internet Explorer 11 |
| Windows 8.1 | Internet Explorer 11 |
| Windows Server 2012 | Internet Explorer 10 |
| Windows Server 2012 R2 | Internet Explorer 11 |
Right now, the out-of-date ActiveX control blocking feature works on all of these combinations except Windows Vista SP2 and Windows Server 2008 SP2 with Internet Explorer 9. Support for these combinations is expected to start on November 11, 2014.
Out-of-date Silverlight blocking
Starting on November 11, 2014, we’re expanding the out-of-date ActiveX control blocking feature to block outdated versions of Silverlight. This update notifies you when a Web page tries to load a Silverlight ActiveX control older than (but not including) Silverlight 5.1.30514.0.
You can continue to view the complete list of out-of-date ActiveX controls being blocked by this feature here.
Enterprise testing for out-of-date Silverlight ActiveX control blocking
Remember, out-of-date ActiveX controls aren’t blocked in the Local Intranet Zone or the Trusted Sites Zone, so your intranet sites and trusted line-of-business apps should continue to use ActiveX controls without any disruption.
If you want to see what happens when an employee goes to a Web page with an out-of-date Silverlight ActiveX control after November 11, 2014, you can run this test.
On a test computer, install the most recent cumulative update for Internet Explorer.
Open a command prompt and run this command to stop downloading updated versions of the versionlist.xml file:
reg add "HKCU\Software\Microsoft\Internet Explorer\VersionManager" /v DownloadVersionList /t REG_DWORD /d 0 /fImportant:
After you’re done testing, delete this registry key. If you don’t, this computer will stop receiving the updated VersionList.xml file with all of the out-of-date ActiveX controls. Because of this, we don’t recommend setting this registry key in your production environment.
Copy the test versionlist-TEST.xml file from here to
%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\Rename this file to versionlist.xml. Make sure you agree to overwrite any existing file.Important:here
After you’re done testing, replace this file with its production version from
. We don’t recommend manually changing the versionlist.xml file in your production environment.
Restart Internet Explorer.
You’ll now get an out-of-date ActiveX control blocking notice when a Web site tries to load an outdated Silverlight ActiveX control.
If you need more time to minimize your reliance on outdated Silverlight controls, see the Out-of-date ActiveX control blocking on managed devices section of the Out-of-date ActiveX control blocking topic.
Additional resources
- Internet Explorer begins blocking out-of-date ActiveX controls
- Out-of-date ActiveX control blocking
- Update to block out-of-date ActiveX controls in Internet Explorer
- Administrative Templates for Internet Explorer
- Additional manageability setting for out-of-date ActiveX control blocking in Internet Explorer
— Cassie Condon, Senior Program Manager, Internet Explorer
— Jasika Bawa, Program Manager, Internet Explorer
Comments
Anonymous
October 14, 2014
IE Crashing and not responding is very extreme !?! Why ?Anonymous
October 14, 2014
my IE is doing the same thing. The exe does not seem to be working or coming on when I start my PC so I have to use Bing for Internet access. I have IE 11 installed but it just does not give me net access.Anonymous
October 14, 2014
Nothing about the new features in Internet Explorer 11.0.13?Anonymous
October 14, 2014
The comment has been removedAnonymous
October 14, 2014
Summary: -- All except for the most recent Silverlight activeX release 5.1.30514.0 July 2014 are blocked.Anonymous
October 14, 2014
Hm i still get no any warning if Java6#45 is installedAnonymous
October 14, 2014
e.g Java 7#40 will cause a warning/block but 6#45 not. So i assume the XML Version info is wrong for this Version.Anonymous
October 15, 2014
It'd be in your best interest to take a peak here http://goo.gl/wxnsTl and consider the information if you want some knowledge of what you're dealing with.Anonymous
October 15, 2014
Oracle released new security updates for Java 8#25 and 7#71 But MS XML not updated to block older unsave ones (8#20 / 7#67) yet.Anonymous
October 15, 2014
There is a wish. IE12 should release the preview version only for Windows 10 at least early. The present technical preview version was still IE12. And please also examine Windows 7 and offer which are turned Windows 8/8.1 and through which it passes in the future.Anonymous
October 16, 2014
Still no fix for the broken drop-down lists in the F12 tools, despite the comment at the end of July that this had been fixed. connect.microsoft.com/.../ie11-emulation-screen-document-mode-and-user-agent-dropdowns-blank-for-all-sitesAnonymous
October 16, 2014
And when MS will add TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks ? tools.ietf.org/.../draft-ietf-tls-downgrade-scsv-00 to Schhannel ? As well as disable SSL3 by Default ?Anonymous
October 17, 2014
The comment has been removed