ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Desktop platforms Toolkit in association with http://ad.doubleclick.net/clk;205413468;14699245;m?http://adfarm.mediaplex.com/ad/ck/2397-58840-22058-14

IE update breaks Web sites

Joris Evers CNET News.com

Published: 03 Nov 2005 09:15 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Two Microsoft security updates for Internet Explorer (IE) can break the functionality of Web sites that use certain custom applications.

The problems occur after installing the patches Microsoft delivered with security bulletins MS05-038 and MS05-052, Microsoft said in two advisories posted on its Web site on Wednesday. The bulletins were issued in August and October, respectively.

Both patches can cause problems with IE's proprietary ActiveX controls. The MS05-038 patch can also hinder Java applications. After the patches are installed, applications that are programmed in specific ways will no longer work in Internet Explorer, Microsoft said.

Any problems caused by MS05-038 and MS05-052 affect only a few users, Stephen Toulouse, a program manager in Microsoft's Security Response Centre wrote on the MSRC blog late Wednesday. "As a result of these changes that we made for security sake, for a limited amount of customers some pages may not load as expected," he wrote.

The issue of broken Web sites is the latest problem with Microsoft patches. One recent fix wreaked havoc on systems of users who had changed certain Windows settings to be more secure, while Windows 2000 users had trouble finding the right patch for another security problem.

The MS05-052 patch causes the problem because it makes several changes to Windows meant to increase the security of the IE Web browser. After installing the patch, IE will check for a special security setting called on ActiveX controls. If the control does not have the setting, IE will block it, according to a Microsoft advisory.

To resolve this issue, Microsoft advises developers to recompile an affected ActiveX control and mark it as safe when run in an Internet browser, according to the advisory. As a workaround, users of sites with ActiveX controls that no longer work can lower their IE security settings, the company said, although it does not recommend doing so.

Changes made for the benefit of security with the MS05-038 patch mean trouble for ActiveX controls and Java applications. The problems occur if so-called "custom monikers" are used, Microsoft said in a second advisory. To solve the issue, the applications should be converted.

Microsoft's advisories offer technical tips on resolving any issues. The company did not say how many customers have experienced trouble.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
70 out of 135 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

2 comments

  1. A little lesson Microsoft. A patch is supposed to... Magnus Grander
  2. What is the surorise here? Flawed sofware getting... Oldator

Related Links

More In Desktop platforms


Company/Topic Alerts

Create a new alert from the list below:








Related Jobs

ORACLE DBA (DATABASE ADMINISTRATOR) 40k circa +benefits

Information Security Analyst, Risk, CISM, CISSP, CISA, SSCP, London

.Net Web Developer - Lutterworth - C#,ASP.Net - circa 30,000

Desktop Management Benchmarking

Test Your Desktop Management Systems

How good are your company's desktop management solutions? How do they compare with those of your peers?

Take two minutes to complete our new Desktop Management and Energy Consumption benchmark, and find out what issues your business needs to focus on.