ActiveX Compatibility at Center of Patch Tuesday

Microsoft's (Nasdaq: MSFT) scheduled monthly Patch Tuesday is rolling around again on June 13. This round will include updates to the Windows operating system and the controversial ActiveX.

The release will feature nine Microsoft Security Bulletins affecting Microsoft Windows, at least one of which is critical. Another patch will change the way Internet Explorer handles ActiveX controls in response to the ongoing Eolas patent infringement suit.

ActiveX is a technology developed by Microsoft for use with browsers. ActiveX is based on reusable software components that can interact with one another, especially in a networked environment. ActiveX components can be written in any of a number of programming languages. The technology is the basis for creating the ActiveX controls often used to customize and add interactivity to Web pages.

Painful Patch

Microsoft issued a compatibility patch in April to give developers an adjustment period for the new method of handling controls, but the compatibility bridge will cease with this month's patches. All users who apply the June 13 security update will receive the ActiveX update regardless of whether or not they have applied the compatibility patch.

"This could be a pretty painful update with regard to ActiveX. It does mean going back in making adjustments to code," Rob Enderle, principal at The Enderle Group, told TechNewsWorld. "There has been an increasing resistance to use ActiveX at all because of the exposure, so the update might not be as widespread. It will be painful, though, for those who have to make the adjustment. There is no easy way around it."

Legal Wranglings

Unlike most Patch Tuesdays, June 13 is characterized by legal wranglings. Eolas sued Microsoft in February 1999 for patent infringement. Eolas initially won the suit and Microsoft was ordered to pay US$521 million to the company.

Microsoft appealed and had the decision reversed in 2005. Microsoft has maintained throughout the process that the Eolas patent is not valid and that the enforcement of the patent further created confusion that could have impacted the use of the World Wide Web.

This concern was shared by others in the industry -- including the W3C -- who have also maintained that the patent is invalid and have requested a re-examination by the U.S. Patent Office. Seven years later, the suit is still not settled but Microsoft is moving ahead to make changes to ActiveX controls.

Less Critical Vulnerabilities

Microsoft is also issuing a Security Bulletin affecting Microsoft Exchange. Users cannot send an e-mail message in Microsoft Exchange 2000 Server on in Microsoft Exchange Server 2003. Users may also receive an error message indicating that access is denied or that they do not have sufficient permission to perform the operation. The vulnerability is rated as "important."

Microsoft will release two "critical" bulletins affecting Office. The software giant did not release additional details about this update, but added that it would release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Service and the Download Center.

Microsoft will also release one non-security high-priority update for Windows and two non-security high-priority updates on Microsoft Update and Windows Server Update Services. "IT departments are getting used to the fact that they will be asked to patch at a fairly high rate and have been updating their processes to do that for a while," Enderle said. "It's unfortunate, but it's the reality we live in."