X

Company warns on IE patch

IE security update can disrupt Google Toolbar, Java applications and Siebel programs, says maker of patch management software.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
See full bio
Joris Evers
2 min read
An Internet Explorer update released earlier this week can interfere with some applications, including Google's Toolbar, according to PatchLink, a maker of patch management software.

Other applications affected by the Web browser patch include business software from Oracle's Siebel customer relationship management unit and certain Web applications that use specific versions of Java, PatchLink said Friday.

The problems arise because of changes Microsoft made to how the Web browser handles Web programs called ActiveX controls. The modifications are designed to shield Microsoft from liability in a high-profile patent dispute with Eolas Technologies and the University of California.

Microsoft had warned that the ActiveX tweaks, first announced in December, can affect how certain sites display in the browser. The software maker released a "compatibility patch" alongside Tuesday's security update that undoes the ActiveX changes for another 60 days.

In the Google Toolbar, users may experience an error when closing a window that contains an inactive ActiveX control, PatchLink said.

The problem affects only older versions of the Google Toolbar, those before version 3.0.129.2, a Microsoft representative said in an e-mailed statement. "Google implemented a fix and shipped this to users on March 8 by using its automatic servicing mechanism," the Microsoft representative said. "We expect the problem to be fully remedied."

Google did not immediately respond to requests seeking comment. PatchLink said it was made aware of the compatibility issues by its customer base.

While the Google Desktop error appears to occur only in some instances, Siebel 7 users face a bigger problem. After installing the IE patch, users must click several times to be able to use the Siebel customer relationship management program, one time for each ActiveX control in the program, PatchLink said.

Oracle is working with Microsoft to address the issue, a representative for the Redwood Shores, Calif.-based Oracle said. "In May, we anticipate issuing fixes to address this Microsoft problem for Siebel 7 users," the representative said in an e-mailed statement.

Microsoft's patch can also affect ActiveX controls that use Java Platform, Standard Edition 1.3 or 1.4, PatchLink said. Users will have to click twice to be able to use such a Web program if it uses the affected Java versions, the patch management specialist said. A newer version of Java, 1.5, is not affected, it said.

The Java issue surfaced in February, when Microsoft first publicly released the IE update, the Microsoft representative said. "Microsoft has made changes to address this issue, and we believe it is resolved," the representative said. "We are unaware of any new specific compatibility issues with Java and will fully investigate any issues we hear from customers and partners."