Industry News

Ready to say goodbye to Internet Explorer 8, 9 and 10? Things to consider

internet-explorer-11-logo

Only 5 days left until versions 8, 9 and 10 of Internet Explorer reach end-of-life and leave late IE 11 adopters exposed to specific exploits. And this is not an understatement, Internet Explorer has quite a reputation – it was plagued over the years with many critical vulnerabilities, including remote code execution, elevation of privilege, information disclosure and security feature bypass.

Security risks of using outdated IE

Microsoft announced the end of support date well over a year ago but, based on usage statistics, millions of people still explore the Internet on the outdated browser. Internet Explorer is the fourth most used browser in the world, with a 12. 5% market share in December 2015, according to W3Schools.

stats_ie

Source: W3Schools

More specifically, in the past 12 months, IE 8 owned 1.13% of the market while IE had 9 0.88% and IE 10 0.85%, as StatCounter reports.

A few details about the soon-defunct browsers:

Internet Explorer 8 – released in 2009, it was the newest version of IE to run on Windows XP, supported on Vista, Windows 7, and Windows Server 2003, 2008 and 2008 R2.

Internet Explorer 9 – was released to the public on March 14, 2011 as a major out-of-band version, not tied to the release schedule of any particular version of Windows, unlike previous versions.

Internet Explorer 10 – the default browser of Windows 10, it was first announced in 2011.

In 2015, Internet Explorer 9 through 11 also ranked seventh among the most vulnerable software programs in use. Not an appalling position, considering that Mac OS X, iPhone OS and Flash Player made it to top three.

Over 25% of the 231 vulnerabilities found in IE referred to remote code execution, a vulnerability allowing attackers to execute arbitrary code in a privileged context or cause a denial of service.

That is one reason why Microsoft recommends updating to its new Internet Explorer 11.

Internet Explorer 11 is more secure than older versions,” Microsoft says. “For example, independent security firm NSS Labs found in 2010 that Internet Explorer 8 blocked about 85% of socially-engineered malware, but more recently reported a 99% block rate for Internet Explorer 11. With security features like SmartScreen and Enhanced Protected Mode, Internet Explorer 11 significantly reduces risk.”

But we’ve seen that IE 11 isn’t 100% safe either. In July 2015, Hacking Team leaked emails revealing that through CVE-2015-2425, an IE zero-day, an exploit could crash Internet Explorer 11 every time it is loaded and, with certain privileges, run any code on the system.

Home users versus enterprise customers

For home users, it’s pretty simple. With Automatic Updates turned on, all they have to do is wait. To turn on Automatic Updates, click the Check for Updates button on the Windows Update portion of the Control Panel.

For small businesses and enterprises, the cost of upgrading is an issue – they need to test and repair web apps, if needed. To help, Microsoft added several resources such as Tips and tricks to manage Internet Explorer compatibility and IE 11. But time will tell and show how many of them did their homework and are 100% ready to migrate.

Will you be moving to IE 11 soon?

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.

2 Comments

Click here to post a comment

Your email address will not be published. Required fields are marked *

  • ‘But we’ve seen that IE 11 isn’t 100% safe either. In July 2015, Hacking Team leaked emails revealing that through CVE-2015-2425, an IE zero-day, an exploit could crash Internet Explorer 11 every time it is loaded and, with certain privileges, run any code on the system.’

    On the other hand, no software is immune to security problems, and that includes critical CVEs. Not to say that I would trust IE – I wouldn’t and thankfully don’t have to deal with such software. Of course, this exploit makes me think of various others over the years (including a trick of my own about two decades ago although it would have affected other browsers too and it would have to be done manually). Arbitrary code execution is another more serious matter (than crashing by itself).

    Yet I’m not surprised IE is still used; so is Windows 9x! Anyone who runs a server and also uses passive OS fingerprinting would know this. Scary? Yes. Surprising? No. Stupid and dangerous? Yes. But unfortunately that’s how people are.