From the Microsoft security center:

So when we release the next cumulative IE security update, customers will only be able to interact with Microsoft ActiveX controls loaded in certain web pages after manually activating their user interfaces by clicking on it or using the TAB key and ENTER key.

I'm assuming that this applies to visible ActiveX controls only, and that scripted ones are still OK. IE is going to be in a very sorry state otherwise.

Since this is all about the Eolas case which was all about visual components I guess this is a safe assumption.

Also from the same announcement:

The good news here is that we are on a path to include the fix for the zero day vulnerability as part of the April IE cumulative security update and possibly sooner if our ongoing monitoring and analysis of attempts to exploit vulnerability shows customers are being impacted seriously.

I'm not sure that it's good news that we have to wait a few weeks for a fix to a fairly serious IE hole that is currently being exploited, but at least there is a fix on the way.

Responses[1]

Posted by Joe Walker on 30 March 2006 08:38:52 BST #