MS03-040 and blocking ActiveX

Patch MS03-040 presumably closes a big ActiveX hole.
So far we are blocking ActiveX for internetsites. In his latest Brians Buzz column, Brian Livingstone states that due to this patch, it no longer is necessary to disable ActiveX.
Is this a sound advise?

 

I think that advice only applies for people who had blocked ActiveX specifically to avoid that particular exploit for which the patch has now been released.

Nevertheless, this MS patch doesn't address or protect (as far as I'm aware) against drive by downloads of spyware and other potentially unwanted or unfriendly stuff which can be an issue as long as ActiveX is enabled on all sites, trusted and unknown.

Apps such as SpywareBlaster help to guard against some of these but in general I wouldn't say, OK now you can enable ActiveX because MS released a patch. The patch does nothing for the other reasons one is advised not to let ActiveX run on the internet without restriction.

 

Okay, thanks. I suppose I better keep my current policy.