Initially, IE will only block outdated versions of Java.
"It's very important that you keep your ActiveX controls up-to-date because malicious or compromised Web pages can target security flaws in outdated controls to collect information, install dangerous software, or let someone else control your computer remotely," Fred Pullen, a senior product manager for IE, and Jasika Bawa, a program manager from Microsoft's security team, said in the Wednesday blog.
When IE encounters an obsolete Java ActiveX control, the warning will let users choose between ignoring the alert, thus running the control, or updating the Java plug-in. Clicking on the "Update" button will direct the browser to the control vendor's website to download the newest version.
IT administrators will have several new Group Policy settings to manage IE on workers' PCs, including one that turns off the warning altogether and another that deletes the "Run this time" button and so prevents employees from overriding the notification.
IE will block all but the current versions of Java. For Java 8, that means a warning will appear if the browser's running any version except for Java SE 8 Update 11, which Oracle released in mid-July.
Apple's Safari, Google's Chrome and Mozilla's Firefox all have implemented some form of blocking of old, and potentially less-secure plug-ins.