Significant changes made in a security patch from Microsoft to the way Internet Explorer processes ActiveX can cause Siebel 7 client software to lock up and become unusable.
The Siebel problem is one of several issues that prompted Microsoft to release a "compatibility patch" in conjunction with this month's security updates, which undoes the ActiveX changes for another 60 days.
The ActiveX changes in question were made in response to a 2003 court ruling, which found that Microsoft had violated a software patent held by Eolas Technology Inc. and the University of California. Microsoft has been including the changes in optional releases of Internet Explorer for months, now, but on Tuesday they were rolled into a set of security patches, called MS06-013, effectively making them mandatory.
MS06-013 changes the way ActiveX processes dynamic content, forcing some users to click on pop-up "tool tip" windows before being able to run things like Flash or Quicktime animation.
But with Siebel client software, which runs inside a browser using ActiveX controls, the application can appear to be completely broken, according to Wayne Smiley, operations manager with Quest Software, in California.
"In most cases it shows you the proper thing, but you can't actually interact with it," he said. "It's like it's frozen in front of you."
Smiley, who is in the early stages of rolling out a company-wide IE update has also added the Microsoft compatibility patch in order to keep his Siebel software working. Thanks to that, he says he has experienced "no issues so far."
But he believes that there may be other Siebel users who were unaware of the ActiveX issue. "It was by sheer luck that we happened to stumble on this before it was an issue," Smiley said. "I'll bet a lot of people got caught completely off guard."
Though there have been some reports of problems with "very minor" issues with the Eolas ActiveX changes following Tuesday's security update, the Siebel issue is "the only one that seems to have a larger impact," said Gary Schare, director of IE product management with Microsoft.
Oracle, which completed its acquisition of Siebel in January of this year, plans to issue a software patch that fixes this problem in May, the company said Friday. This will be just in time for users like Smiley, because Microsoft's compatibility patch is expected to be available only until June.
In fact, Oracle's plan to patch the problem just one month before Microsoft's deadline is too close for comfort, according to some users.
"If [Oracle] doesn't act quickly even a 60-day reprieve won't be adequate," said one IT consultant working with a client who has 3,200 users, who asked not to be identified without the approval of his customer. "Business apps like Siebel aren't the kind you can just upgrade and patch on a whim. There will be at least seven business days of testing before my current client can release the Siebel patch to production, and that is on their expedited release."