Though Microsoft has downplayed the issue, Explorer users who downloaded patches MS05-038 and MS05-052 may find that websites containing ActiveX controls either don’t load properly or are blocked entirely.
Stephen Toulouse, a program manager at Microsoft's Security Response Center (MSRC), said on Thursday that the patches modified slightly how Explorer handles ActiveX controls due to security concerns, but admitted the added security could interfere with applications written in Visual J++ and Microsoft SDK for Java, as well as obstruct ActiveX controls.
“For a limited amount of customers some pages may not load as expected,” said Toulouse. “We've published some guidance on this further detailing the changes and how customers can resolve this if they are experiencing problems.”
Toulouse said webmasters worried that their visitors may experience access issues should refer them to Microsoft’s Support Center. He said the issues only affect Internet Explorer 5.01 SP4, 5.5 SP2, 6.0 and 6.0 SP1, and stressed they were easily fixed with a new update.
The latest patch issue marks the third time in little more than a month that Microsoft has had to clarify a security bulletin. In late October the company admitted a security update for DirectX in Windows 2000 was unclear, causing some users to download the incorrect patch. The announcement came just weeks after Microsoft announced three previous critical patches were “buggy” and had to be reinstalled lest they cause major performance issues in Explorer.
