Security Alert as Internet Explorer Support Deadline Lands Next Week

Security experts are urging IT managers to make sure they migrate to newer versions of Internet Explorer by next week or risk exposing themselves to a new wave of attacks, as Microsoft ends support for anything older than IE9.

The Redmond giant warned customers back in August 2014 that it would be making the changes as of 12 January this year in an attempt to get them to run the latest browser version available for their particular Windows platform.

So from next Tuesday, Vista SP2 and Server 2008 SP2 users will only be supported on IE9; Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows 8.1 users will need to upgrade to IE11; and Windows Server 2012 customers will need to migrate to IE10.

This will apparently ensure they get the benefit of Microsoft “security updates and technical support.”

Internet Explorer director, Roger Capriotti, offered the following advice:

“Microsoft recommends enabling automatic updates to ensure an up-to-date computing experience—including the latest version of Internet Explorer—and most consumers use automatic updates today. Commercial customers are encouraged to test and accept updates quickly, especially security updates. Regular updates provide significant benefits, such as decreased security risk and increased reliability, and Windows Update can automatically install updates for Internet Explorer and Windows.”

Given that Internet Explorer is one of the most commonly targeted platforms in the world for cyber-criminals, businesses would do well to get their house in order. Of course, those on Windows 10 should be using the new—and so far, more secure—Edge browser.

However, given the scale of the task and the fact that most line-of-business apps now run in the browser, there are likely to be many left behind in the rush to upgrade.

Tripwire’s director of security and risk, Tim Erlin, told Infosecurity that staying on unsupported versions “will have a serious impact on your organization's attack surface” over time.

His colleague, CTO Dwayne Melancon, added that a compatibility mode in IE11 should provide an interim solution for most apps not yet ready to run properly in the browser.

“If a user or company simply cannot switch to IE11 and must run an older version of the browser, the best course of action is to ensure that all users are running as ‘Standard’ users on Windows, rather than as Administrator-level users on their local systems,” he advised.

“This will mitigate the risk of the most common browser-based malware attacks.”
