It was a long time coming, but on Feb 28 2006, Microsoft released a patch (KB912945) for the Eolas patent dispute that “breaks” Active X in Internet Explorer, which includes Flash on Windows XP and Windows Server 2003.
This only affects IE.
Firefox, Mozilla, Opera and the rest are not affected.
[Update 28/7/2006] – The new Opera 9 IS affected by this.
Opera Asking for Activation
Windows 2000 derivatives are not affected (yet) as a final decision on browser revisions for Windows 2000 is still pending. Luckily there is a simple JavaScript workaround for this patch. See my previous posting and workaround.
Because this first patch “broke” so many websites, Microsoft have also issued a “Compatibility Patch” (KB917425) that negates the Eolas patch until some time in June. “This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles Active X controls will be permanent.”
This compatibility patch can prevent you from seeing the full effect of the Eolas patch. So, if you are a web developer and you want to know what the effect the Eolas Patch is going to have on the behavior of your site in IE, Make sure you don’t have the Compatibility Patch installed!
It seems that it is possible to install the Eolas Update via an Automatic Update (KB912812) in such a way that the ‘workaround’ that Microsoft and Macromedia suggests does not function. I have encountered a small but worrying (given the sample size) number of machines with this issue.
I was able to install and then un-install the compatibility patch and all problems (see “The Whole Story” below) were resolved, for no apparent reason. See “Conclusions” at the end of this document.
How To Tell If You Have The Eolas Patch Installed
If you are running Windows XP, Open the “Control Panel” and then click on “Add Or Remove Programs” and make sure ‘Show Updates’ is ticked.
If you have the Eolas Patch, One of the following will be installed.
The KB912812 Security Update which contains the Eolas patch (KB912945)
Just The KB912945 Eolas Patch
The Whole Story
Now I previously blogged about the Eolas Patch and provided a detailed description of the workaround provided by both Microsoft and Macromedia. I was able to test this workaround by directly downloading the patch from MSDN.
Here is the time-line for the Eolas related patches (As accurate as I have been able to determine).
Jan 9, 2006 – Microsoft releases non-security update for Internet Explorer 6 for Windows XP Service Pack 2 to MSDN subscribers
Feb 9, 2006 – Update became publicly available on MSDN
Feb 10, 2006 – Update for Internet Explorer for Windows XP Service Pack 2 (KB912945) Via KB912812
“After you install this update, you cannot interact with Active X controls from certain Web pages until these controls are enabled. To enable an Active X control, manually click the control. There are also techniques that Web developers can use to update their Web pages. For more information about these techniques, visit the following MSDN Web site”
Feb 28, 2006 – Patch distributed as a recommended update on Windows Update for Windows XP Service Pack 2
April 11, 2006 – Published in Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB912812)
Also in : Cumulative Update for Internet Explorer 6 SP1 (KB912812)
Also contains “Update for Internet Explorer for Windows XP Service Pack 2″ (KB912945) which in the first description is…
“This update includes minor changes to how Internet Explorer handles some web pages that use Microsoft Active X controls. Certain webpages will require users to manually activate Active X controls by clicking on it or using the TAB key and ENTER key. This update contains all previously released security updates. After you install this item, you may have to restart your computer.”
But in another location…
“After you deploy update 912945 for Internet Explorer, the behavior of the Internet Explorer Active X update that is contained in security update 912812 is disabled. The security fixes that are contained in security update 912812 are still present and will still function. Only the Internet Explorer Active X update behavior is disabled.”
One of these is incorrect.
April 11, 2006 – “Compatibility Patch” – “Update for Internet Explorer for Windows XP Service Pack 2” ( KB917425)
“The IE Compatibility Patch reverts the IE Active X update behavior contained in the April Security update (KB912812). This patch should be used by customers who have experienced compatibility issues and who require more time to test/update websites and programs that are impacted by the IE Active X update. This patch is temporary, and will only apply to KB912812. This IE compatibility patch will not be available for future security updates. After you install this item, you may have to restart your computer. “
April 20, 2006 – Re-Release of “Compatibility Patch” “Update for Internet Explorer for Windows XP Service Pack 2” ( KB917425)
?? June 2006 – Compatibility Patch Expires
“This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles Active X controls will be permanent.”
So “officially”, this patch came through with “Cumulative Security Update for Internet Explorer (912812)” which was released on April 11th 2006.
But on machines with this patch I was still getting prompts for activation on sites with the workaround in place. This has been verified with sites that use custom JavaScript and the very good flashObject/swfObject JavaScript library.
I have also received feedback from clients with ‘dodgy’ install of windows with the Eolas patch that are still getting prompted for Active X “activation” despite the web-site having the workaround in place.
Removing KB912812 and KB912945, rebooting then re-installing KB912812 again seems to resolve the issue.
Also installing the compatibility patch and then uninstalling it seems to solve the problem
Conclusions
It is possible for the original Eolas patch to be installed in such a way that JavaScript workaround does not function. Installing the compatibility patch and then uninstalling it seems to solve the problem
If you are a web developer, beware – the “Compatibility Patch” may be masking the problems your site has with Flash and Active X when viewed in IE with Eolas patch..
James McParlane's Blog 
Hi,
I was doing a search on this subject and found what you had written. I have a question that I was wondering if you could help me with. I work in the Ad Operations department and recently all the flash ads we receive require that we click twice on the ad to get to the click URL. I am assuming this is due to the Eolas issue. Do you know of a workaround I can use for this? We use a hybrid version of Accipiter as our adserver.
Any help or suggestions would be great
Thanks!
Maureen
I’m not familiar with Accipiter, but the workaround would be the same.
@Maureen
I’m assuming that Accipiter would use JavaScript to embed the flash element in the page at some point in its display process. If its not (perhaps just serving static HTML) then it needs to start doing that to bypass the Eolas patent patch.
To bypass the patent patch, the JavaScript function called to embed the flash must be included from an external file.
I document the actual mechanism of the workaround in this posting.
https://blog.metawrap.com/blog/BypassingTheEolasEmbeddingPatentInPictures.aspx
you are right. JavaScript workaround does not function
you are right. JavaScript workaround does not function
Opera 9 *is* affected by this. Being a commercial company, they’ve had to implement same antipatent solution as MS.
JUST REMOVE KB916281 AND DON’T ALLOW THE UPDATES TO REINSTALL AND YOU WILL NEED TO RESTART THE SYSTEM BUT THIS WILL FIX IT FASTER.