With the update in place, Internet Explorer 6 won't run some ActiveX controls until they've been explicitly enabled by the user.
Microsoft Tuesday updated Internet Explorer 6 for Windows XP SP2 and Windows Server 2003 SP1, but denied that the changes were security related.
"The update is labeled as 'non-security' given that it does not include any new updates that affect the security of IE," said a company spokesman Tuesday afternoon.
With the update in place, IE 6 won't run some ActiveX controls until they've been explicitly enabled by the user. Last December, Microsoft posted a note to Web site and ActiveX developers warning them that the change was coming. In that note, the Redmond, Wash.-based developer said that controls loaded by the APPLET, EMBED, or OBJECT elements would be disabled unless the user turned them on.
Although Microsoft says this is not a security update, its connection with ActiveX is reminiscent of several security fixes during 2005 that covered the browser and the control technology. Microsoft has struggled to firm up ActiveX security, particularly in denying controls that have no reason to access the Internet from doing so.
IE 7, which is in beta testing, actually disables most ActiveX controls out of the gate in an attempt to protect users.
The correction comes two weeks after Microsoft released its last patch for IE, a fix for IE 5.01 running on Windows 2000. Microsoft made a point to stress this update has nothing to do with the patch unveiled earlier in the month.
Tuesday's update is available from Microsoft's Download Center and as an option on Windows Update.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.