|Last 7 Days News :
Wednesday, August 06, 2014
IE To block Outdated Java Plug-ins
Microsoft's Internet Explorer (IE) browser will soon start blocking out-of-date Java ActiveX controls.
The company said that IE8, IE9, IE10 and IE11 on Windows 7, as well as IE10
and IE11 on Windows 8's classic desktop, will be refreshed next Tuesday. The
updated browser will then display a notification when a website tries to load
an outmoded ActiveX control.
Initially, IE will only block outdated versions of Java.
"It's very important that you keep your ActiveX controls up-to-date because
malicious or compromised Web pages can target security flaws in outdated
controls to collect information, install dangerous software, or let someone
else control your computer remotely," Fred Pullen, a senior product manager
for IE, and Jasika Bawa, a program manager from Microsoft's security team,
said in the Wednesday blog.
When IE encounters an obsolete Java ActiveX control, the warning will let
users choose between ignoring the alert, thus running the control, or
updating the Java plug-in. Clicking on the "Update" button will direct the
browser to the control vendor's website to download the newest version.
IT administrators will have several new Group Policy settings to manage IE on
workers' PCs, including one that turns off the warning altogether and another
that deletes the "Run this time" button and so prevents employees from
overriding the notification.
IE will block all but the current versions of Java. For Java 8, that means a
warning will appear if the browser's running any version except for Java SE 8
Update 11, which Oracle released in mid-July.
Apple's Safari, Google's Chrome and Mozilla's Firefox all have implemented
some form of blocking of old, and potentially less-secure plug-ins.