Connect with us

Hi, what are you looking for?



Internet Explorer 8, 9, 10 Lose Security Updates This Month

Microsoft Ends Life of Internet Explorer 8, 9, 10

Microsoft’s Internet Explorer 8, 9, and 10 will reach End of Life (EOL) status as of January 12, 2016, when they will stop receiving new updates.

Microsoft Ends Life of Internet Explorer 8, 9, 10

Microsoft’s Internet Explorer 8, 9, and 10 will reach End of Life (EOL) status as of January 12, 2016, when they will stop receiving new updates.

On that day, the technology giant will deliver a cumulative security update for the three IE configurations, and will also include a new “End of Life” upgrade notification feature in it. The update will land on Windows 7 Service Pack 1 (x32 and x64) and on Windows Server 2008 R2 Service Pack 1 (x32 and x64) Edition, Microsoft said.

As soon as the update lands on computers, users will be notified of the EOL status of their Internet Explorer 8, 9, or 10 version. Furthermore, no new updates will be available for their browsers, bugs won’t be fixed and security issues will remain unresolved.

Microsoft is urging users to upgrade to the newer Internet Explorer 11 to avoid being exposed to various exploits that affect the older versions of the browser. Courtesy of these older versions, IE still has the largest market share on desktops at 48.6 percent, albeit browsers such as Google’s Chrome (now at 32.3 percent share) have been growing fast in the past years, statistics from NetMarketShare shows.

The use of various Internet Explorer versions, however, is lagging behind other browsers, as data from StatCounter reveals. Throughout 2015, IE 8 had a 1.8 percent usage share, IE9 had a 1.31 percent usage share, while IE 10 had a 1.12 percent share, while IE 11 accounted for 6.84 percent usage, far behind Chrome (44.87 percent) and Firefox (10.37 percent).

Usage and distribution statistics, however, matter less when it comes to the security of users, and older Internet Explorer versions are significantly more vulnerable compared to the latest browser variant. Remote code execution, elevation of privilege, information disclosure, and security feature bypass are only some of the flaws that affect the browser.

Advertisement. Scroll to continue reading.

As Bitdefender notes in a recent blog post, 231 vulnerabilities were found in IE last year and 25 percent of these issues were remote code execution flaws. By exploiting these bugs, attackers could execute arbitrary code in a privileged context on compromised systems, or could cause a denial of service.

Microsoft announced plans to end the life of IE 8, 9, and 10 back in 2014 and provided users with sufficient time to upgrade to the newer IE 11 version or to the new Edge browser to stay better protected. IE 11 has its own set of issues as well, but the security of users browsing the internet in it is better than that of those using the older browser configurations, as Microsoft explains on TechNet.  

“Internet Explorer 11 is more secure than older versions. For example, independent security firm NSS Labs found in 2010 that Internet Explorer 8 blocked about 85% of socially-engineered malware, but more recently reported a 99% block rate for Internet Explorer 11. With security features like SmartScreen and Enhanced Protected Mode, Internet Explorer 11 significantly reduces risk,” the company notes.

Users willing to upgrade to IE 11 to remain protected should go to Control Panel, select Windows Update, and click the Check for Updates button. Those who have Automatic Updates turned on don’t need to do a thing. However, only home users benefit from these simple features, and things are more complicated when enterprise systems are involved.

To ensure a smooth transition to IE 11 within enterprise environments, Microsoft has published a series of guides on managing IE compatibility and on deploying IE 11, and IT pros are encouraged to have a look at them to improve the security posture of their organization if it uses older Internet Explorer versions.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.