Microsoft confirmed Thursday that two recent patches for its Internet Explorer browser can break some Web sites by causing problems with ActiveX controls and Java applications.
The trouble starts after users install patches from the MS05-038 and MS05-052 security bulletins, which were released in August and October, respectively.
"MS05-038 and MS05-052 contain a number of defense-in-depth changes to the overall functionality of Internet Explorer," wrote Stephen Toulouse, the head of Microsoft's Security Response Center (MSRC), on the group's official blog. "These changes were done mostly for security reasons, removing potentionally [sic] unsafe functionality."
But according to documents newly posted to Microsoft's support site, the IE patches interfere with applications written for Web sites in Visual J++ and Microsoft SDK for Java (MS05-038), and obstruct ActiveX controls (MS05-052).
Microsoft downplayed the problems. "For a limited amount of customers some pages may not load as expected," said Toulouse. "We've published some guidance on this further detailing the changes and how customers can resolve this if they are experiencing problems."
Thursday's acknowledgement was only the latest black eye for the MSRC, which had had to retract or revisit a string of security updates in the last several months.
In October, Microsoft had to clarify one Windows 2000 patch, and explain why another was buggy. In August, the Redmond, Wash.-based developer released a corrupted patch, and had to re-issue a fix.
These newest problems affect Internet Explorer 5.01 SP4, 5.5 SP2, 6.0, and 6.0 SP1.