According to the latest Microsoft Security Intelligence Report[i], Java exploits represented 84.6% to 98.5% of exploit-related detections each month in 2013. To help mitigate this situation with ActiveX controls, Microsoft recently introduced a new security feature in Internet Explorer, called ‘out-of-date ActiveX control blocking’. Based on customer feedback to this announcement, Microsoft has since decided to push back the switch-on date for blocking outdated ActiveX controls, but only until September 9, 2014.
How will enterprise IT be impacted?
While the update should not have any effect on sites in the Intranet or Trusted Sites zone, most internet sites as well as Intranet sites that are accessed through a fully-qualified domain name or IP address, will be prevented from running outdated Oracle Java ActiveX controls. Consequently, IE users may run into trouble using a site or web app that they’ve been using with no problem for years.
So why not just update?
In enterprise environments, it is not always possible to update Java as rapidly as we would like. Some websites and web apps are dependent on specific versions of ActiveX, meaning that Java security updates can result in broken business-critical applications. And in some cases, the most up-to-date version of a given application may require an out-of-date version of Java because the latest version just flat out doesn’t work.
Moreover, IT may not want to give everyone in the enterprise admin rights to update Java on their own, either for security reasons or to prevent a user from accidentally authorizing the installer to make other changes to their browser or Internet settings. In this case, each time a new version is released, IT would have to install the necessary updates on each and every computer.
What are the alternatives to updating?
One solution is to host any ‘troublesome’ apps on a centralized server and then let users access them from their own personal or corporate-owned device using a clientless, HTML5, browser-based remote access solution such as Ericom AccessNow. This would enable IT to manage Java updates and other software issues just once, from a central location. AccessNow does not require Java, Flash, Silverlight, ActiveX, or any other underlying technology to be installed on client devices, making IT overhead much more manageable.