Microsoft Update Activex Download

Posted on by admin

Normally, clicking the link opens up the Microsoft Update page and the ActiveX control opens requesting confirmation that you want to install Microsoft Updates. The ActiveX control won't display so I can't install Microsoft Update, and I am still installing updates For Windows Only. In the past when this has happened, I've had to nuke the. Microsoft says it'll fix the Update Catalog's dependency on ActiveX someday, but you can bypass IE right now if you know the trick. All stages of Windows 10. Download the Windows 10. Cumulative Security Update for ActiveX Killbits for Windows 7 (KB973525) This update addresses the vulnerability discussed in Microsoft Security Bulletin MS09-055. To find out if other security updates. To access the Microsoft Update Catalog Site. In the WSUS administrative console, select either the top server node or Updates, and in the Actions pane click import Updates. A browser window will open at the Microsoft Update Catalog Web site. In order to access the updates at this site, you must install the Microsoft Update Catalog activeX control.

Many patches don't go through the usual Windows Update channels. As I explained earlier today, even the patch that fixes Microsoft's botched security update KB 3177725 is only available in the Windows Update Catalog.

That fix, KB 3187022, has been available for at least a week, but it isn't being distributed through Windows Update. The official Windows Update page lists it as 'Deployment: Catalog,' which means you can only get it by going to the Microsoft Update Catalog, downloading, and manually installing it.

If you go to the KB article and click on the link to download the patch, you get the helpful note shown here that 'you must be running Microsoft Internet Explorer 6.0 or later.' That's because the site relies on a long-discredited and rapidly fading technology Microsoft-proprietary technology known as ActiveX.

Microsoft has told us, as recently as this May, that it's going to fix the Update Catalog real soon now. Microsoft senior product manager Nathan Mercer said in a May 17 blog post:

Within the next few months Windows updates will no longer be available from the Microsoft Download Center. Security bulletins will continue to link directly to the updates, but will point to the packages on the Microsoft Update Catalog instead of the Microsoft Download Center. Customers that use tools linking to the Microsoft Download Center should follow the links provided in the Security Bulletins or search directly on the Microsoft Update Catalog.

For those who aren't familiar with the Microsoft Update Catalog website, note that it still requires using Internet Explorer at this point because of an ActiveX control used. Later this summer, we will be updating the site to eliminate the ActiveX control in order to support other browsers.

Poster abbodi86 on AskWoody filled me in on a secret to get at the patches without using Internet Explorer (or the execrable Catalog interface). It short-circuits the ActiveX front end by looking at the RSS feed for KB articles.

If you use any browser to search for:

http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KBxxxxxxx

filling in the desired KB number for 'xxxxxxx,' your browser returns a list of KB articles that contain that KB number. Clicking on the first (most recent) entry in the list generally takes you to the download site for the KB patch that you seek. At the top of the resulting page, click Download Now, and the installable MSU file gets downloaded to your browser's download folder.

Abbodi86 further advises that you can change the query string, using '+' instead of spaces, and look for KB articles in the RSS feed that match any string you like. In his example:

http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=10+for+x64

You see a list of all KB articles that include '10,' 'for,' and '64' -- which includes both updates and cumulative updates for various 64-bit Windows 10 versions.

Slick. Go ahead and take your time, Microsoft.

-->

Important

The Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022. For a list of what’s in scope, see the FAQ. The same IE11 apps and sites you use today can open in Microsoft Edge with Internet Explorer mode. Learn more here.

Applies to:

  • Windows 10
  • Windows 8.1
  • Windows 7
  • Windows Server 2012 R2
  • Windows Server 2008 R2 with Service Pack 1 (SP1)
  • Windows Vista SP2

ActiveX controls are small apps that let websites provide content, like videos, games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s very important that you keep your ActiveX controls up-to-date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, Internet Explorer includes a new security feature, called out-of-date ActiveX control blocking.

Out-of-date ActiveX control blocking lets you:

  • Know when IE prevents a webpage from loading common, but outdated ActiveX controls.

  • Interact with other parts of the webpage that aren’t affected by the outdated control.

  • Update the outdated control, so that it’s up-to-date and safer to use.

The out-of-date ActiveX control blocking feature works with all Security Zones, except the Local Intranet Zone and the Trusted Sites Zone.

It also works with these operating system and IE combinations:

Windows operating systemIE version
Windows 10All supported versions of IE.
Microsoft Edge doesn't support ActiveX controls.
Windows 8.1 and Windows 8.1 UpdateAll supported versions of IE
Windows 7 SP1All supported versions of IE
Windows Server 2012All supported versions of IE
Windows Server 2008 R2 SP1All supported versions of IE
Windows Server 2008 SP2Windows Internet Explorer 9 only
Windows Vista SP2Windows Internet Explorer 9 only

For more info about this new feature, see the Internet Explorer begins blocking out-of-date ActiveX controls blog. To see the complete list of out-of-date Active controls blocked by this feature, see Blocked out-of-date ActiveX controls.

What does the out-of-date ActiveX control blocking notification look like?

When IE blocks an outdated ActiveX control, you’ll see a notification bar similar to this, depending on your version of IE:

Internet Explorer 9 through Internet Explorer 11

Windows Internet Explorer 8

Out-of-date ActiveX control blocking also gives you a security warning that tells you if a webpage tries to launch specific outdated apps, outside of IE:

How do I fix an outdated ActiveX control or app?

From the notification about the outdated ActiveX control, you can go to the control’s website to download its latest version.

To get the updated ActiveX control

  1. From the notification bar, tap or click Update.

    IE opens the ActiveX control’s website.

  2. Download the latest version of the control.

Security Note:
If you don’t fully trust a site, you shouldn’t allow it to load an outdated ActiveX control. However, although we don’t recommend it, you can view the missing webpage content by tapping or clicking Run this time. This option runs the ActiveX control without updating or fixing the problem. The next time you visit a webpage running the same outdated ActiveX control, you’ll get the notification again.

Windows

Microsoft Update Activex Download Free

To get the updated app

  1. From the security warning, tap or click Update link.

    IE opens the app’s website.

  2. Download the latest version of the app.

Security Note:
If you don’t fully trust a site, you shouldn’t allow it to launch an outdated app. However, although we don’t recommend it, you can let the webpage launch the app by tapping or clicking Allow. This option opens the app without updating or fixing the problem. The next time you visit a webpage running the same outdated app, you’ll get the notification again.

How does IE decide which ActiveX controls to block?

Windows

IE uses Microsoft’s versionlist.xml or versionlistWin7.xml file to determine whether an ActiveX control should be stopped from loading. These files are updated with newly-discovered out-of-date ActiveX controls, which IE automatically downloads to your local copy of the file.

You can see your copy of the file here %LOCALAPPDATA%MicrosoftInternet ExplorerVersionManagerversionlist.xml or you can view Microsoft’s version, based on your operating system and version of IE, here:

Security Note:
Although we strongly recommend against it, if you don’t want your computer to automatically download the updated version list from Microsoft, run the following command from a command prompt:

Turning off this automatic download breaks the out-of-date ActiveX control blocking feature by not letting the version list update with newly outdated controls, potentially compromising the security of your computer. Use this configuration option at your own risk.

Out-of-date ActiveX control blocking

Important

The Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022. For a list of what’s in scope, see the FAQ. The same IE11 apps and sites you use today can open in Microsoft Edge with Internet Explorer mode. Learn more here.

on managed devicesOut-of-date ActiveX control blocking includes four new Group Policy settings that you can use to manage your web browser configuration, based on your domain controller. You can download the administrative templates, including the new settings, from the Administrative templates (.admx) for Windows 10 page or the Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2 page, depending on your operating system.

Group Policy settings

Here’s a list of the new Group Policy info, including the settings, location, requirements, and Help text strings. All of these settings can be set in either the Computer Configuration or User Configuration scope, but Computer Configuration takes precedence over User Configuration.

Important
Out-of-date ActiveX control blocking is turned off in the Local Intranet Zone and the Trusted Sites Zone; therefore, intranet websites and line-of-business apps will continue to use out-of-date ActiveX controls without disruption.

SettingCategory pathSupported onHelp text
Turn on ActiveX control logging in IEAdministrative TemplatesWindows ComponentsInternet ExplorerSecurity FeaturesAdd-on ManagementInternet Explorer 8 through IE11This setting determines whether IE saves log information for ActiveX controls.

If you enable this setting, IE logs ActiveX control information (including the source URI that loaded the control and whether it was blocked) to a local file.

If you disable or don't configure this setting, IE won't log ActiveX control information.

Note that you can turn this setting on or off regardless of the Turn off blocking of outdated ActiveX controls for IE or Turn off blocking of outdated ActiveX controls for IE on specific domains settings.

Remove the Run this time button for outdated ActiveX controls in IEAdministrative TemplatesWindows ComponentsInternet ExplorerSecurity FeaturesAdd-on ManagementInternet Explorer 8 through IE11This setting allows you stop users from seeing the Run this time button and from running specific outdated ActiveX controls in IE.

If you enable this setting, users won't see the Run this time button on the warning message that appears when IE blocks an outdated ActiveX control.

If you disable or don't configure this setting, users will see the Run this time button on the warning message that appears when IE blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once.

Turn off blocking of outdated ActiveX controls for IE on specific domainsAdministrative TemplatesWindows ComponentsInternet ExplorerSecurity FeaturesAdd-on ManagementInternet Explorer 8 through IE11This setting allows you to manage a list of domains on which IE will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.

If you enable this setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in IE. Each domain entry must be formatted like one of the following:

  • 'domainname.TLD'. For example, if you want to include *.contoso.com/*, use 'contoso.com'.
  • 'hostname'. For example, if you want to include https://example, use 'example'.
  • 'file:///path/filename.htm'. For example, use file:///C:/Users/contoso/Desktop/index.htm.

If you disable or don't configure this setting, the list is deleted and IE continues to block specific outdated ActiveX controls on all domains in the Internet Zone.

Turn off blocking of outdated ActiveX controls for IEAdministrative TemplatesWindows ComponentsInternet ExplorerSecurity FeaturesAdd-on ManagementInternet Explorer 8 through IE11This setting determines whether IE blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.

If you enable this setting, IE stops blocking outdated ActiveX controls.

If you disable or don't configure this setting, IE continues to block specific outdated ActiveX controls.

Remove the Update button in the out-of-date ActiveX control blocking notification for IEThis functionality is only available through the registryInternet Explorer 8 through IE11This setting determines whether the out-of-date ActiveX control blocking notification shows the Update button. This button points users to update specific out-of-date ActiveX controls in IE.

If you don't want to use Group Policy, you can also turn these settings on or off using the registry. You can update the registry manually.

SettingRegistry setting
Turn on ActiveX control logging in IEreg add 'HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExt' /v AuditModeEnabled /t REG_DWORD /d 1 /f

Where:

  • 0 or not configured. Logs ActiveX control information (including the source URI that loaded the control and whether it was blocked) to a local file.
  • 1. Logs ActiveX control information.
Remove Run this time button for outdated ActiveX controls in IEreg add 'HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExt' /v RunThisTimeEnabled /t REG_DWORD /d 0 /f

Where:

  • 0. Removes the Run this time button.
  • 1 or not configured. Leaves the Run this time button.
Turn off blocking of outdated ActiveX controls for IE on specific domainsreg add 'HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExtDomain' /v contoso.com /t REG_SZ /f

Where:

  • contoso.com. A single domain on which outdated ActiveX controls won't be blocked in IE. Use a new reg add command for each domain you wish to add to the Allow list.
Turn off blocking of outdated ActiveX controls for IEreg add 'HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExt' /v VersionCheckEnabled /t REG_DWORD /d 0 /f

Where:

  • 0. Stops blocking outdated ActiveX controls.
  • 1 or not configured. Continues to block specific outdated ActiveX controls.
Remove the Update button in the out-of-date ActiveX control blocking notification for IEreg add 'HKCUSoftwareMicrosoftInternet ExplorerVersionManager' /v UpdateEnabled /t REG_DWORD /d 0 /f

Where:

  • 0. Removes the Update button
  • 1 or not configured. Leaves the Update button.

Inventory your ActiveX controls

You can inventory the ActiveX controls being used in your company, by turning on the Turn on ActiveX control logging in IE setting:

  • Windows 10: Through a comma-separated values (.csv) file or through a local Windows Management Instrumentation (WMI) class.

  • All other versions of Microsoft Windows: Through a .csv file only.

Inventory your ActiveX controls by using a .CSV file

If you decide to inventory the ActiveX controls being used in your company by turning on the Turn on ActiveX control logging in IE setting, IE logs the ActiveX control information to the %LOCALAPPDATA%MicrosoftInternet ExplorerAuditModeVersionAuditLog.csv file.

Here’s a detailed example and description of what’s included in the VersionAuditLog.csv file.

Source URIFile pathProduct versionFile versionAllowed/BlockedReasonEPM-compatible
https://contoso.com/test1.htmlC:WindowsSystem32MacromedFlashFlash.ocx14.0.0.12514.0.0.125AllowedNot in blocklistEPM-compatible
https://contoso.com/test2.htmlC:Program FilesJavajre6binjp2iexp.dll6.0.410.26.0.410.2BlockedOut of dateNot EPM-compatible

Where:

  • Source URI. The URL of the page that loaded the ActiveX control.

  • File path. The location of the binary that implements the ActiveX control.

  • Product version. The product version of the binary that implements the ActiveX control.

  • File version. The file version of the binary that implements the ActiveX control.

  • Allowed/Blocked Whether IE blocked the ActiveX control.

  • Enhanced Protected Mode (EPM)-compatible. Whether the loaded ActiveX control is compatible with Enhanced Protected Mode.

    Note
    Enhanced Protected Mode isn’t supported on Internet Explorer 9 or earlier versions of IE. Therefore, if you’re using Internet Explorer 8 or Internet Explorer 9, all ActiveX controls will always be marked as not EPM-compatible.

  • Reason. The ActiveX control can be blocked or allowed for any of these reasons:

ReasonCorresponds toDescription
Version not in blocklistAllowedThe version of the loaded ActiveX control is explicitly allowed by the IE version list.
Trusted domainAllowedThe ActiveX control was loaded on a domain listed in the Turn off blocking of outdated ActiveX controls for IE on specific domains setting.
File doesn’t existAllowedThe loaded ActiveX control is missing required binaries to run correctly.
Out-of-dateBlockedThe loaded ActiveX control is explicitly blocked by the IE version list because it is out-of-date.
Not in blocklistAllowedThe loaded ActiveX control isn’t in the IE version list.
Managed by policyAllowedThe loaded ActiveX control is managed by a Group Policy setting that isn’t listed here, and will be managed in accordance with that Group Policy setting.
Trusted Site Zone or intranetAllowedThe ActiveX control was loaded in the Trusted Sites Zone or the Local Intranet Zone.
HardblockedBlockedThe loaded ActiveX control is blocked in IE because it contains known security vulnerabilities.
UnknownAllowed or blockedNone of the above apply.

Inventory your ActiveX controls by using a local WMI class

For Windows 10 you also have the option to log your inventory info to a local WMI class. Info logged to this class includes all of info you get from the .csv file, plus the CLSID of the loaded ActiveX control or the name of any apps started from an ActiveX control.

Before you begin

Before you can use WMI to inventory your ActiveX controls, you need to download the configuration package (.zip file), which includes:

Download
  • ConfigureWMILogging.ps1. A Windows PowerShell script.

  • ActiveXWMILogging.mof. A managed object file.

Before running the PowerShell script, you must copy both the .ps1 and .mof file to the same directory location, on the client computer.

Microsoft Update Activex Downloads

To configure IE to use WMI logging

Microsoft Update Catalog Activex Download

  1. Open your Group Policy editor and turn on the Administrative TemplatesWindows ComponentsInternet ExplorerTurn on ActiveX control logging in IE setting.

  2. On the client device, start PowerShell in elevated mode (using admin privileges) and run ConfigureWMILogging.ps1 by by-passing the PowerShell execution policy, using this command:

    For more info, see about_Execution_Policies.

  3. Optional: Set up your domain firewall for WMI data. For more info, see Collect data using Enterprise Site Discovery.

Microsoft Update Catalog Activex Download

The inventory info appears in the WMI class, IEAXControlBlockingAuditInfo, located in the WMI namespace, rootcimv2IETelemetry. To collect the inventory info from your client computers, we recommend using System Center 2012 R2 Configuration Manager or any agent that can access the WMI data. For more info, see Collect data using Enterprise Site Discovery.