Internet Explorer still vulnerable after patch - which is embarrassing enough in itself. But the Heise editorial recommendation:
In principle, ActiveX is always a gateway for malware and should be disabled if necessary. However, some websites will then no longer function correctly.
is somehow peculiar: I've never really noticed ActiveX as a barrier to visiting any websites. Well, I'm a Mac and Linux user - if websites only worked with ActiveX, I would have noticed it, since it's conceptually impossible for me to run it (not even in IE, because of the wrong processor architecture).
Sure, there are a few Microsoft products that rely on ActiveX - but you really can't claim that it's become widespread out there on the web. So I'd say: disable ActiveX at least for the Internet zone. It has no value there. And in the trusted zones - which I already consider a pretty big euphemism for IE - only enable it if it's really necessary (for example, because an intranet solution unfortunately uses ActiveX). Or install a proper browser for surfing the web. That's the better solution anyway ...