Security Experts:

Internet Explorer 8, 9, 10 Lose Security Updates This Month

Microsoft Ends Life of Internet Explorer 8, 9, 10

Microsoft’s Internet Explorer 8, 9, and 10 will reach End of Life (EOL) status as of January 12, 2016, when they will stop receiving new updates.

On that day, the technology giant will deliver a cumulative security update for the three IE configurations, and will also include a new "End of Life" upgrade notification feature in it. The update will land on Windows 7 Service Pack 1 (x32 and x64) and on Windows Server 2008 R2 Service Pack 1 (x32 and x64) Edition, Microsoft said.

As soon as the update lands on computers, users will be notified of the EOL status of their Internet Explorer 8, 9, or 10 version. Furthermore, no new updates will be available for their browsers, bugs won’t be fixed and security issues will remain unresolved.

Microsoft is urging users to upgrade to the newer Internet Explorer 11 to avoid being exposed to various exploits that affect the older versions of the browser. Courtesy of these older versions, IE still has the largest market share on desktops at 48.6 percent, albeit browsers such as Google’s Chrome (now at 32.3 percent share) have been growing fast in the past years, statistics from NetMarketShare shows.

The use of various Internet Explorer versions, however, is lagging behind other browsers, as data from StatCounter reveals. Throughout 2015, IE 8 had a 1.8 percent usage share, IE9 had a 1.31 percent usage share, while IE 10 had a 1.12 percent share, while IE 11 accounted for 6.84 percent usage, far behind Chrome (44.87 percent) and Firefox (10.37 percent).

Usage and distribution statistics, however, matter less when it comes to the security of users, and older Internet Explorer versions are significantly more vulnerable compared to the latest browser variant. Remote code execution, elevation of privilege, information disclosure, and security feature bypass are only some of the flaws that affect the browser.

As Bitdefender notes in a recent blog post, 231 vulnerabilities were found in IE last year and 25 percent of these issues were remote code execution flaws. By exploiting these bugs, attackers could execute arbitrary code in a privileged context on compromised systems, or could cause a denial of service.

Microsoft announced plans to end the life of IE 8, 9, and 10 back in 2014 and provided users with sufficient time to upgrade to the newer IE 11 version or to the new Edge browser to stay better protected. IE 11 has its own set of issues as well, but the security of users browsing the internet in it is better than that of those using the older browser configurations, as Microsoft explains on TechNet.  

“Internet Explorer 11 is more secure than older versions. For example, independent security firm NSS Labs found in 2010 that Internet Explorer 8 blocked about 85% of socially-engineered malware, but more recently reported a 99% block rate for Internet Explorer 11. With security features like SmartScreen and Enhanced Protected Mode, Internet Explorer 11 significantly reduces risk,” the company notes.

Users willing to upgrade to IE 11 to remain protected should go to Control Panel, select Windows Update, and click the Check for Updates button. Those who have Automatic Updates turned on don’t need to do a thing. However, only home users benefit from these simple features, and things are more complicated when enterprise systems are involved.

To ensure a smooth transition to IE 11 within enterprise environments, Microsoft has published a series of guides on managing IE compatibility and on deploying IE 11, and IT pros are encouraged to have a look at them to improve the security posture of their organization if it uses older Internet Explorer versions.

view counter