Microsoft has postponed the implementation of Java blocking within Internet Explorer, saying it will now give customers a little less than another month to deal with the unexpected change.
In an Aug. 10 addendum to a blog published four days earlier, Microsoft notified customers running Windows 7 and Windows 8 that it was pushing back the switch-on date for blocking outdated ActiveX controls.
"Based on customer feedback, we have decided to wait ... before blocking any out-of-date ActiveX controls," the company said. "The feature and related Group Policies will still be available on August 12, but no out-of-date ActiveX controls will be blocked until Tuesday, September 9."
The latter date is next month's "Patch Tuesday," the day when monthly security updates are due to be released, according to a schedule the company has had in place since 2003.
Initially, Microsoft had said that the feature -- which debuted in yesterday's update to IE8, IE9, IE10 and IE11 for Windows 7, and to IE10 and IE11 for Windows 8 and 8.1 -- would immediately begin blocking old versions of Oracle's Java ActiveX control.
Microsoft characterized the blocking as a security improvement -- though, in truth, rival browsers have had similar or even more aggressive tools for years -- and said it would add other ActiveX controls to the banned list over time.
When the tool is turned on, IE will show a warning if it tries to call an obsolete Java ActiveX control: for Java 8, those include any version except for mid-July's Java SE 8 Update 11. Users will be able to choose between ignoring the alert or updating the Java control. IT administrators can manage the notifications on workers' PCs using Group Policy settings, including one that turns off the warning altogether and another that prevents employee overrides.
The rationale for deferring the blocking -- "customer feedback" -- is software-vendor-speak for "customer complaints."
The one-month delay did seem to be in response to IT complaints that the pace was too fast: Microsoft only made the Group Policy template available last weekend, and first published a how-to for administrators and IT staffers today.
The scores of comments left on last week's blog included some that questioned Microsoft's original timetable.
"How about some notice before doing it!!! The idea is good, but documentation released [Aug.] 7 and implementation of security update on Aug. 12? What person made that stupid decision?" asked a reader identified as "UK ENTERPRISE" last week.
Other organizations' administrators bemoaned the feature in more general terms. "If general Web surfing generates calls to the Help Desk from angry users saying they want to upgrade Java, then that is a big problem," added "Bruce S" on Aug. 7.
And some had unanswered questions. "Will this be enabled by another update released on 9/9 (Patch Tuesday) or will the patch released on 8/12 include date-triggered functionality?" asked "Still Unclear."
Microsoft included the ActiveX blocking feature in yesterday's browser security update -- identified as MS14-051 -- so unless customers want to forgo the 26 IE patches in that bulletin, they must live with the change.
The company has published more information about the blocking on its TechNet website.