by Bharat Mistry
On Tuesday 12 January, Microsoft ended support for several versions of Internet Explorer in an attempt to force customers to upgrade to newer, more secure versions of the browser. Now the news has been a long time coming – well over a year in fact. But the deadline is still likely to come too soon for many UK organisations. The risk here is that cybercriminals are now lining up to create exploits for flaws which will no longer be patched by Redmond, exposing countless firms to the risk of damaging data breaches and disruption.
Any move designed to improve the security of the user community should be welcomed. But it’s vital that UK IT managers lock down this vulnerability blind spot until all their machines are fully upgraded.
Microsoft first notified customers about the changes back in August 2014. Its reasons for doing so were primarily driven by security and productivity considerations as well as developer benefits. “Outdated browsers represent a major challenge in keeping the web ecosystem safer and more secure, as modern web browsers have better security protection,” Internet Explorer director Roger Capriotti wrote at the time. “It should come as no surprise that the most recent, fully-patched version of Internet Explorer is more secure than older versions.”
What does this mean for UK users? As of December, 48.5% were using Internet Explorer, according to Net Applications, and that figure may be even higher when considering corporate users alone. So what does the post-deadline landscape look like for these customers? Well, if you’re still on Vista SP2 and Server 2008 SP2 you’ll need to upgrade to IE9; Windows Server 2012 customers will need to migrate to IE10; and Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows 8.1 users will need to upgrade to IE11. Windows 10 users, of course, get to use the new and thus far more secure Edge browser.
Machines not migrated to the latest supported IE versions will now be ineligible for Microsoft technical support or security updates. The latter is particularly concerning, especially as IE has historically been one of the most frequently targeted platforms on the internet, with Redmond sometimes forced to release patches to fix scores of vulnerabilities in the browser. Opportunistic cybercriminals will now certainly be looking to capitalise on this end-of-support uncertainty to attack unprotected systems.
The smart money is therefore on migrating to supported IE versions as quickly as possible. But for some organisations this may not be as straightforward as it sounds. Compatibility issues with legacy enterprise applications can slow the whole process down considerably, even though a “compatibility mode” in IE11 should smooth things a bit.
In the meantime, it’s important to keep systems protected by looking for security products that offer virtual patching capabilities.
Trend Micro uses intrusion detection and prevention technologies to shield any vulnerabilities in IE before they can be exploited by attackers. It provides instant and comprehensive protection at the endpoint and server level to keep systems safe until they can be migrated to newer, more secure versions. Not only does it keep key systems safe, but it also provides IT managers with extra time to carry out vital testing to ensure that migration is as smooth and seamless as possible.