Microsoft KB Archive/912945

= Internet Explorer 6 software update and its effect on ActiveX controls =

Article ID: 912945

Article Last Modified on 12/27/2007

-

APPLIES TO

 Microsoft Internet Explorer 6.0, when used with:  Microsoft Windows Server 2003, Standard x64 Edition

 Microsoft Windows Server 2003, Datacenter x64 Edition

 Microsoft Windows Server 2003, Enterprise x64 Edition

 Microsoft Windows Server 2003 Service Pack 1</li></ul>

 Microsoft Windows XP Professional x64 Edition</li></ul>

 Microsoft Windows XP Service Pack 2</li></ul> </li></ul>

-

<div class="notice_section">

<div class="notice_section">

NOTICE
The update that is described in this article is included in the most current cumulative security update for Internet Explorer. To install the most current update, install all important or high-priority updates. To do this, visit the Windows Update Web site:

http://windowsupdate.microsoft.com

For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/current.aspx

This article is intended to notify IT professionals and developers about a change in the way Internet Explorer handles ActiveX controls. Home users can visit the following Microsoft Web site for information about how Internet Explorer handles ActiveX controls when this update is installed:

http://www.microsoft.com/windows/ie/ie6/using/techinfo/activexupdate.mspx

Note If you are experiencing problems with an ActiveX control on a Web site that you trust, add the Web site to the Trusted Sites zone in Internet Explorer. To do this, follow these steps in Internet Explorer:
 * 1) On the Tools menu, click Internet Options.
 * 2) On the Security tab, click Trusted Sites, and then click Sites.
 * 3) Under Add this website to the zone, type the URL of the Web site that you want to add.
 * 4) Click Add, and then click Close.

If the problem persists, visit one of the following Microsoft Web sites:
 * Internet Explorer 6 Solution Center

http://support.microsoft.com/ph/2073
 * Internet Explorer 7 Solution Center

http://support.microsoft.com/ph/8722

<div class="summary_section">

INTRODUCTION
Microsoft has released a software update to Microsoft Internet Explorer 6 for Windows XP Service Pack 2 (SP2) and for Windows Server 2003 Service Pack 1 (SP1). This update changes how Internet Explorer handles some Web pages that use ActiveX controls and Java add-ins. Examples of ActiveX controls include the following:

Adobe Reader

Apple QuickTime Player

Macromedia Flash Player

Microsoft Windows Media Player

Real Networks RealPlayer

Sun Java Virtual Machine

After you install this update, you cannot interact with ActiveX controls from certain Web pages until these controls are enabled. To enable an ActiveX control, manually click the control. There are also techniques that Web developers can use to update their Web pages. For more information about these techniques, visit the following MSDN Web site:

http://msdn2.microsoft.com/en-us/library/ms537508.aspx

When you install this update, the Plugin.ocx binary is completely removed from Windows Server 2003 and Windows XP. The Plugin.ocx binary is a private component of Internet Explorer without any public interfaces. Plugin.ocx is used to host Netscape plug-ins as ActiveX controls. The functionality of Plugin.ocx was disabled in 2003 in Windows Server 2003 and Windows XP for security reasons. This update removes the nonfunctional Plugin.ocx code completely.

As part of this Internet Explorer update, Microsoft will release updates to the current versions of Windows XP and of Windows Server 2003. All client operating systems will be updated. These client operating systems include the following:
 * Windows XP Starter Edition
 * Windows XP Home Edition
 * Windows XP Professional Edition
 * Windows XP Tablet PC Edition
 * Windows XP Media Center Edition
 * Windows XP Professional for Embedded Systems

Currently, Microsoft has not released updates for earlier versions of Internet Explorer, Windows Server 2003, or Windows XP. However, Microsoft may release updates for these earlier versions in the future. More information about release schedules will be posted in this article when the information becomes available.

The following files are available for download from the Microsoft Download Center:

Update for Internet Explorer for Windows Server 2003, 32-bit x86-based versions with Service Pack 1:

Download the 912945 package now.

Update for Internet Explorer for Windows Server 2003, 64-bit Itanium-based versions with Service Pack 1:

Download the 912945 package now.

Update for Internet Explorer for Windows Server 2003, 64-bit x64-based versions:

Download the 912945 package now.

Update for Internet Explorer for Windows XP Professional x64 Edition:

Download the 912945 package now.

Update for Internet Explorer for Windows XP with Service Pack 2:

Download the 912945 package now.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

<div class="moreinformation_section">

Known issues
 Internet Explorer ActiveX update that is contained in security update 912812 is disabled

After you deploy update 912945 for Internet Explorer, the behavior of the Internet Explorer ActiveX update that is contained in security update 912812 is disabled. The security fixes that are contained in security update 912812 are still present and will still function. Only the Internet Explorer ActiveX update behavior is disabled.</li> Web page rendering issues within Internet Explorer

This issue occurs if Mshtml.dll is ever reregistered after you install this cumulative update. This issue is resolved in security update 912812 for Internet Explorer.

912812 MS06-013: Cumulative security update for Internet Explorer

We recommend that you install security update 912812 for Internet Explorer instead of installing update 912945 that is described in this article.</li> Initial logon dialog boxes may reappear and reset to default configurations

This issue occurs if you deploy the hotfix version of this software update on 64-bit systems, such as an Itanium-based or x64-based version of Windows Server 2003 or an x64-based version of Windows XP with their respective service packs. In this case, the initial logon dialog boxes may appear for applications and for Windows components. Additionally, some settings reset to default. This behavior may cause the following issues:  Applications ask users to opt in to privacy features.</li> Default settings for Internet Explorer favorites are reset.</li> Internet Explorer security zones are reset to default settings.</li> Internet Explorer advanced settings are reset to default settings.</li> Initial Windows Media Player dialog boxes appear.</li></ul>

This issue is resolved in security update 912812 for Internet Explorer.</li> Google Toolbar

You may experience an access violation in the Google Toolbar when you close a window that contains an inactive ActiveX control. Microsoft and Google technical teams have been working together to address this issue. Google is expected to fix this problem by using its automatic &quot;servicing mechanism&quot; for Google Toolbar users. This problem affects Google Toolbar versions before version 3.0.129.2. Visit the following Google Web site to download the latest version:

http://toolbar.google.com

</li> External script technique does not work when the &quot;Disable Script Debugging (Internet Explorer)&quot; check box is cleared

This issue is resolved in security update 912812 for Internet Explorer.</li> <li>ActiveX controls that use Java Platform, Standard Edition 1.3 or 1.4

After you click an ActiveX add-in control in a program that runs the add-in control by using Java Platform, Standard Edition (J2SE) 1.3 or J2SE 1.4, the focus does not move to the add-in control. You must click the control again to establish focus. The focus behavior works correctly in J2SE 1.5. To obtain the latest version of J2SE, visit the following Sun Microsystems, Inc. Web site:

http://java.sun.com/j2se

</li> <li>Unable to use the /integrate switch to update Windows installation source files

Administrators cannot use the /integrate switch to update Windows installation source files with this update. This is expected to be fixed in the next update for Windows Server 2003 and Windows XP. To work around this issue, use the Sysprep tool. For more information, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/library/bb457067.aspx

This issue is resolved in security update 912812 for Internet Explorer.</li> <li>Siebel programs that use ActiveX controls

Software update 912945 affects all Siebel 7 High Interactive clients. After you apply this update, you must click several times to interact with the Siebel program, one time for each ActiveX control in the program. Siebel is working with Microsoft to determine a solution. A Siebel product update is expected to be released some time in the spring of 2006. For more information about Siebel product updates, visit the following Siebel Support Web site:

https://ebusiness.siebel.com/supportweb/

</li> <li>Substring match opt-in process names

By default, certain applications have process names that are a subset of applications that are opted in to the new ActiveX behavior. An example would be APExplorer.exe, where a substring of this name is Explorer.exe. Therefore, Explorer.exe is opted in to the new ActiveX behavior. Such applications exhibit the new ActiveX behavior.

This issue is resolved in security update 912812 for Internet Explorer.</li> <li>MFC controls leave a permanent window

In certain cases, when moving away from a page that has an MFC ActiveX control, the control still appears in the new window. This issue is resolved in security update 916281 for Internet Explorer.</li> <li>Visual Basic controls do not appear

In certain cases, controls that are created in Visual Basic that are displayed with display and visibility CSS attributes may not appear. This issue is resolved in security update 916281 for Internet Explorer.</li> <li>Security warning message when you try to open a PDF document from a secure (https://) Web page

When you try to open a PDF document from a secure (https://) Web page, you incorrectly receive a security warning message for mixed content. This issue is resolved in security update 916281 for Internet Explorer.</li></ul>

For recommended techniques to make sure that ActiveX controls function without user interaction, visit the following MSDN Web site:

http://msdn2.microsoft.com/en-us/library/ms537508.aspx

The following issues occur on Web sites that do not use the recommended techniques.

Note All these issues are resolved by using the techniques that are described on the MSDN Web site.
 * Scrolling

When you use the mouse wheel to scroll through a page that contains an interactive control, the control may not be displayed correctly. This issue is resolved in security update 912812 for Internet Explorer.
 * Abstract Window Toolkit

Access violations have been reported with Java programs that use Abstract Window Toolkit (AWT) classes in the user interface. This issue is resolved in security update 912812 for Internet Explorer.
 * Transparent Flash

A full-page ad disappears. However, the focus rectangle remains. In this situation, the control is still there. However, it is transparent. Therefore, the associated overlay window remains on the page.
 * DHTML menus

When a DHTML menu is expanded, the menu may appear on top of an ActiveX control. If you click the menu in this situation, you enable the control instead of gaining access to the DHTML menu. The overlay window has the highest z-order. Therefore, this window receives the mouse-click message.
 * Controls that prompt before they are loaded

When certain controls are loaded on a Web page, the controls are not correctly masked by the functionality of this update. These controls include controls that are used in Macromedia Shockwave Director, in QuickTime Player, and in Virtools Web Player. When Windows determines that a control is inactive, the system prompts the user before the control is loaded.
 * CSS attributes on controls

Controls that are hidden or that have a display-mode setting of None, but that do have size dimensions, display the focus rectangle when you move the pointer over them.

This issue is resolved in security update 916281 for Internet Explorer.

Technical support for x64-based versions of Microsoft Windows
If your hardware came with a Microsoft Windows x64 edition already installed, your hardware manufacturer provides technical support and assistance for the Windows x64 edition. In this case, your hardware manufacturer provides support because a Windows x64 edition was included with your hardware. Your hardware manufacturer might have customized the Windows x64 edition installation by using unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you must have technical help with a Windows x64 edition. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware. If you purchased a Windows x64 edition such as a Windows Server 2003 x64 edition separately, contact Microsoft for technical support.

For product information about Windows XP Professional x64 Edition, visit the following Microsoft Web site:

http://www.microsoft.com/windowsxp/64bit/default.mspx

For product information about x64-based versions of Windows Server 2003, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/64bit/x64/default.mspx

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Additional query words: Winx64 Windowsx64 64bit 64-bit

Keywords: kbresolve kbwebbrowser kbactivexscript kbonline kbexpertiseadvanced kbhowto kbfaq KB912945

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.