Patch me if you can: Cyberattack Series
The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment.
A lot of you have recently asked us about ActiveX controls.
Here’s an example of a message you might have seen:
What are ActiveX controls?
ActiveX controls are small programs, sometimes also called “add-ons,” used on the Internet. They can make browsing more enjoyable by allowing animation or they can help with tasks such as installing security updates at Windows Update.
Some Web sites require you to install ActiveX controls in order to see the site or perform certain tasks on it. The Web site that provides the ActiveX control should tell you what the control is for and provide any details you need to know before you install it.
What are the risks?
Unfortunately, ActiveX controls are like any other software program — they can be misused. They can stop your computer from functioning correctly, collect your browsing habits and personal information without your knowledge, or can give you content, like pop-up ads, that you don’t want. Also, “good” ActiveX controls might contain flaws that allow “bad” Web sites to use them for malicious purposes.
Given these risks, you should only install ActiveX controls if you have information about the Web site that offers the control and the publisher that created the control. With this information you should then decide if are willing to trust your personal information to the Web site and to the publisher. For more information on how to determine if you trust a Web site.
Here’s a good rule to follow: If an ActiveX control is not essential to your computer activity, avoid installing it.
What do I do if I don’t want to install an ActiveX Control?
When you install an ActiveX control, Internet Explorer displays a dialog box that identifies the publisher, and asks if you want to run the file. Click Don’t run if you do not trust the Web site and publisher.
The Information Bar and the Add-on Manager also allow you to turn off ActiveX controls once you’ve enabled them. You can also delete them.