CYBERSPACE – Two recently issued Microsoft security patches can interfere with the functionality of certain ActiveX and Java applications, the company said in advisories posted to its website yesterday.The patches delivered with security bulletins MS05-038 and MS05-052 can both cause problems with ActiveX, and MS05-038 can also hamper Java applications. Once the patches are installed, certain custom applications will no longer function properly in Internet Explorer, Microsoft said.

“MS05-038 and MS05-052 contain a number of defense-in-depth changes to the overall functionality of Internet Explorer,” Stephen Toulouse, a program manager in the company’s Security Response Center, wrote on the MSRC blog Wednesday. “These changes were done mostly for security reasons, removing potentionally [sic] unsafe functionality and making changes to how Internet Explorer handles ActiveX controls.”
According to Toulouse’s post, the problem is not widespread, but that for “a limited amount of customers some pages may not load as expected.”

“We’ve published sone [sic] guidance on this further detailing the changes and how customers can resolve this if they are experiencing problems,” Toulouse wrote. “We also updated the bulletins to make sure people have the right references to roll back the changes if they need to go back to the less secure state.”

“To resolve this issue, recompile the ActiveX control,” reads an advisory posted on the Microsoft website. “Then, mark the control as safe for scripting and safe for initialization when the control is run in the context of an Internet browser.”

As a workaround, users can lower their IE security settings when using sites that have ActiveX controls that no longer work – Microsoft does not recommend doing so, however.