Later today Microsoft will issue the monthly updates again. In their announcement Microsoft has announced four critical and one moderate update. One of the critical updates is a fix for the CVE2006-1359, the createTextRange problem.

Some people, both users and developers, might remember the problems they encountered with the release of Windows XP SP2 where security settings changes were introduced that caused problems to ActiveX controls and applications loaded. The update shipped later today might cause similar problems, although it might be less severe this time.

This time, users might have to click on ActiveX controls before they can use them rather then Internet Explorer loading them and executing them right away. Companies whose intranet features many ActiveX (web-based) applications might find themselves affected negatively with the upcoming patches and may be required to recode many of their ActiveX component.

To facilitate these users, Microsoft will release a compatibility patch as well which will work until 13 June 2006. The compatibility patch will ensure users that their applications will remain functional, but if they do not alter the code, their applications will stop to work when the compatibility patch reaches the end of its lifecycle on 13 June.

To make changes more permanent, developers might have to load the ActiveX components via scripts rather than embedded HTML code. Note that the changes in controlling ActiveX components only affect Internet Explorer and no applications that host ActiveX controls, as e.g. Microsoft Office, are affected.

Norman advises its customers to check their applications against the patches released on 11 April and make the necessary code adjustments before 13 June as their ActiveX components may cause their business to hamper