RE: Need to disable them
The problem lies in that blurry line that exists between Windows and the Browser. From what I can gather, the code running the video in your browser, now, is the browser-intended plugin - just like the equivalent plugins that exist for Firefox and whatnot. That code is unaffected by this flaw. (To quote the advisory: "there are no by-design uses for [the affected] ActiveX Control in Internet Explorer"). The code that IS affected - while no longer used by the browser - does seem to be used by Outlook and Outlook Express. Click a link in an HTML mail, and (if your default browser is Internet Explorer), then Explorer will launch using the old code, instead of its plugin.
It's another exploit of the 'when is any part of Windows not actually the browser' vagueness that has led to Microsoft building in this incredibly byzantine series of 'zones' of execution, and multiple copies of functionality, that do the same things, to run in different zones (a lot of 'code reuse' in Windows division, these days, is done using the Ctrl-C and Ctrl-V keys).
Certain applications are capable of browser-like behaviour, which shouldn't actually be *browsing,* when exhibiting these behaviours, or running in these zones. The flaws arise when attackers find a way of carrying a mode of execution from one application and zone, through to the browser, and thereby manage to use a copy of the code in a zone it shouldn't be running in.
Billions of dollars, this has cost them, to fix. All I can say is, that this is an awfully expensive approach to letting users email funny videos, of cats, to each other.


