Microsoft has announced it will be pulling the plug on old versions of Internet Explorer and will be withdrawing software security support on IE 8, 9, and 10 from Tuesday January 12, 2016. An Internet Explorer security risk warning has been issued as older versions of the web browser will be more vulnerable to cyberattack from tomorrow.
Microsoft will only be issuing security updates and providing technical support for Internet Explorer 11 and Microsoft Edge from January 13, 2015. All users have been urged to upgrade to Internet Explorer 11 if running windows 7 or 8.1, with Windows 10 users requested to make the switch to Microsoft Edge by Wednesday, January 13.
The news shouldn’t come as a major surprise as Microsoft first made the announcement about discontinuing support for older versions of IE 18 months previously, but that said, many IT departments and individual users have not yet upgraded. Duo Security have calculated 36% of IE users are running versions 9 or 10.
The problem for many enterprises is web applications have been developed to work on Internet Explorer 9 or 10, and consequently an upgrade may require changes to be made to those applications to ensure they work optimally on Edge or IE11.
The good news is that only one version change will be required. Microsoft has confirmed that although earlier versions of the browser are being retired, it has promised to continue offering support for IE11 for the lifespan of Windows 7, 8, and 10. The same applies to the Microsoft Edge browser.
Internet Explorer Security Risk Will Increase Following Next IE11 Update
The Internet Explorer security risk will not increase substantially overnight. It is highly improbable that hackers have exploits lined up that can be used on older versions. However, when software is discontinued, it is the issuing of the next patch on the supported version that is the critical date.
In the case of Internet Explorer, cybercriminals will be able to assess what is updated in the next release. When IE11 is patched, it will be highly probable that many of the vulnerabilities that are addressed will also affect previous IE versions.
Hackers could develop exploits for those unpatched vulnerabilities to attack individuals running older browser versions. The Internet Explorer security risk will increase substantially.
It is much easier for cybercriminals to exploit vulnerabilities in browsers than unpatched software installed on devices. All that is required is to direct the user to an infected website containing the appropriate exploit kit for the user’s device to be infected.
Companies in highly regulated industries such as the financial services and healthcare should ensure their browsers are updated before support is stopped. Running any machine on outdated and unsupported software will violate industry regulations. This could result in significant financial penalties being incurred.
