Jan 12 2016

Microsoft Ends Security Support for Older Versions of Internet Explorer

Internet Explorer 8, 9 and 10 will no longer receive security patches, potentially affecting hundreds of millions of users.

For users of older versions of Microsoft’s Internet Explorer web browser, the time has finally come to upgrade — or risk the consequences.

As of today, Microsoft will no longer provide technical support and security updates for its Internet Explorer 8, 9 and 10 web browsers. The company is encouraging customers to upgrade to Internet Explorer 11 or to Microsoft Edge, its new web browser that comes with Windows 10.

A Microsoft spokesperson told BizTech that the move “is in line with industry standards and will help ensure our customers have the most modern and secure browser experience possible.”

Companies Face Vulnerabilities

As The Verge notes, the shift away from the older versions of Internet Explorer has been on the horizon for a long time. Microsoft warned users in August 2014 about the end-of-support deadline. Computerworld estimates that close to 340 million users worldwide are still running the outdated versions of Internet Explorer; it arrived at this figure based on web-browser-usage data from analytics firm Net Applications and Microsoft’s estimate of 1.5 billion Windows devices worldwide.

The software giant cautions customers that if they stick with older versions of the web browser, they could be exposing themselves to security vulnerabilities and malware. “End of support means there will be no more security updates, non-security updates, free or paid assisted support options, or online technical content updates,” Microsoft explains.

Additionally, the company points out that many software vendors “no longer support older versions of Internet Explorer. For example, Office 365 takes advantage of modern web standards and runs best with the latest browser.” It also says companies that need to meet regulatory obligations such as the Health Insurance Portability and Accountability Act (HIPAA) “should conduct due diligence to assess whether they are still able to satisfy compliance requirements using unsupported software.”

As explained on the company’s website, Microsoft provides businesses with 500 or more employees “in-depth technical resources, tools, and expert guidance to ease the deployment and management of Windows, Office and Internet Explorer products and technologies,” and offers multiple ways for companies to upgrade.

Companies with fewer than 500 employees that lack web applications can update their browsers automatically with Automatic Updates. “Those with dependencies on existing web applications can locate a Microsoft Certified Partner to understand the best options to meet their business needs,” Microsoft states.

Newer Browsers Offer Protection

Microsoft notes that Internet Explorer 11 “will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10.” It also boasts of the version’s advantages, including “improved security, increased performance, better backward compatibility, and support for the web standards that power today’s websites and services.”

Meanwhile, Microsoft’s Edge browser includes several new features, such as the ability to freeze a web page and take notes on it (users can do this with a stylus, their fingers or by typing) and then share those notes with others. The browser also incorporates Microsoft’s Cortana digital assistant and can clear away ads and other web clutter.

In terms of security, Microsoft notes that Edge takes advantage of its Passport technology with asymmetric cryptography to authenticate users to websites.

Edge also has SmartScreen technology to protect users against phishing scams. SmartScreen does this “by performing a reputation check on sites the browser visits, blocking sites that are thought to be phishing sites.” Another advantage the company points out: “SmartScreen in both the browser and the Windows Shell defends users against socially-engineered downloads of malicious software to users being tricked into installing malicious software.”

Enterprise Users Have Options

Some organizations have enterprise line-of-business applications that rely on older versions of Internet Explorer. Microsoft says it is helping these commercial customers upgrade, especially through the use of “Enterprise Mode” in IE 11, whose better backward compatibility lets businesses run legacy web apps developed for older versions of the browser.

“To help customers who have a business need for using Internet Explorer 11 with Enterprise Mode, Microsoft is committed to supporting Enterprise Mode as a feature of Internet Explorer 11,” the company states on its website. “Microsoft will continue to invest in compatibility improvements, tools, and other resources to help customers upgrade and stay up-to-date on the latest browser.”

In a November 2015 Microsoft blog post, Jatinder Mann, a senior program manager lead, and Fred Pullen, a product marketing director, outlined how Enterprise Mode works for older versions of IE. They noted that Enterprise Mode now supports compatibility features to sites with HTTP ports and that the company offers a compatibility kit to teach users how to configure and set up Enterprise Mode and other tools.


Be Ransomware Ready

Is your organization prepared for a cyberattack? Learn how to step up your ransomware protection.