In addition to improvements to the Enterprise Mode Site List announced today, the November update also includes the following security related updates.

Updates to out-of-date ActiveX control blocking

As we shared back in October, and as part of our ongoing commitment to delivering a more secure browser, we have two updates to the out-of-date ActiveX control blocking feature going live today.

Out-of-date ActiveX control blocking on Windows Vista SP2 and Windows Server 2008 SP2

With the November update, out-of-date ActiveX control blocking is being expanded to work with Internet Explorer 9 on Windows Vista SP2 and Windows Server 2008 SP2. You can view the complete list of configurations that this feature works with here on TechNet. Note that all existing manageability settings for this feature will also apply to these new configurations.

Out-of-date Silverlight blocking

Starting today, in addition to blocking outdated versions of Java, this feature will be expanded to block outdated versions of Silverlight. This means that if a Web page tries to load an out-of-date version of the Silverlight ActiveX control, you’ll get an out-of-date ActiveX control blocking notice.

This update is being deployed to the Microsoft-hosted XML list and doesn't require updates to the client. Also note that all currently deployed manageability settings for enterprises will continue to apply to Silverlight as they did to Java.

You can continue to view the complete list of out-of-date ActiveX controls being blocked by this feature here.

Security updates
  • Microsoft Security Bulletin MS14-065 - This critical security update resolves seventeen privately reported vulnerabilities in Internet Explorer. For more information see the full bulletin.
  • Security Update for Flash Player (3004150) - This security update for Adobe Flash Player in Internet Explorer 10 and 11 on supported editions of Windows 8, Windows 8.1 and Windows Server 2012 and Windows Server 2012 R2 is also available. The details of the vulnerabilities are documented in Adobe security bulletin APSB14-24. This update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash binaries contained within Internet Explorer 10 and Internet Explorer 11..
Staying up-to-date
Most customers have automatic updating enabled and will not need to take any action because these updates will be downloaded and installed automatically. Customers who have automatic updating disabled need to check for updates and install this update manually.

— Jasika Bawa, Program Manager, Internet Explorer

— Alec Oot, Program Manager, Internet Explorer