N/A - KB912945

Microsoft Security Bulletin MS06-021 has been released and replaces Microsoft Security Bulletin MS06-013. The Compatibility Patch discussed in Microsoft Knowledge Base Article 917425 is also replaced by this security update. The changes to the way Internet Explorer handles ActiveX controls is made permanent by the updates included with Microsoft Security Bulletin MS06-021.

Microsoft originally released this security advisory discussing non-security update 912945 for Internet Explorer on February 28, 2006. This non-security update includes minor changes to how Internet Explorer handles some Web pages that use ActiveX controls and is being distributed to customers in phases. On Jan 9, 2006, Microsoft released this non-security update for Internet Explorer 6 for Windows XP Service Pack 2 to MSDN subscribers. On Feb 9, 2006 the same update became publicly available on MSDN. On February 28th it was distributed as a “recommended update” on Windows Update for Windows XP Service Pack 2 and for Windows Server 2003 Service Pack 1.

For the final phase of distribution, this non-security update is included in Microsoft Security Bulletin MS06-013, released on April 11, 2006. This security update replaces non-security update 912945for Internet Explorer. For more information about this non-security update for Internet Explorer, see Microsoft Knowledge Base Article 912945.

Although most Internet sites have already prepared for the changes in the way that Internet Explorer handles some ActiveX controls, some enterprise customers have given feedback that more time is needed to ensure that corporate line-of-business applications are compatible with this change to Internet Explorer.

Compatibility Patch – To help enterprise customers who need more time to prepare for the ActiveX update changes discussed in Microsoft Knowledge Base Article 912945 and included in Microsoft Security Bulletin MS06-013, Microsoft is releasing a Compatibility Patch on April 11, 2006. As soon as it is deployed, the Compatibility Patch will temporarily return Internet Explorer to the previous functionality for handling ActiveX controls. This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent. This compatibility patch may require an additional restart for systems it is deployed on. For more information, see Microsoft Knowledge Base Article 917425.

What are the changes to the way ActiveX controls operate after the updates included with MS06-013 are applied?
With this update, customers can interact with Microsoft ActiveX controls that are loaded in certain Web pages only after they manually activate their user interfaces. They do this by clicking the user interface or by using the TAB key and the ENTER key.

These changes are included in the Microsoft Security Bulletin MS06-013 security updates for Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition family, and Windows Server 2003 with Service Pack 1 for Itanium-based Systems.

Why is Microsoft changing the behavior of ActiveX control in Internet Explorer?
This update to Internet Explorer technology relates to Microsoft’s involvement with the Eolas Technologies and the Regents of the University of California v. Microsoft patent case (Eolas versus Microsoft). Microsoft is releasing the update in phases to provide website developers with early access for testing and feedback on the new ActiveX functionality.

How is the Compatibility Patch 917425 released?
Update 917425 is available on the Download Center. For more information, see Microsoft Knowledge Base Article 917425.