Security
Headlines
HeadlinesLatestCVEs

Headline

It’s official, today you can say goodbye to Internet Explorer. Or can you?

Microsoft is ready to phase out Internet Explorer and will start the procedure today. Are you ready as well? And will it solve a lot of security issues? The post It’s official, today you can say goodbye to Internet Explorer. Or can you? appeared first on Malwarebytes Labs.

Malwarebytes
#vulnerability#web#windows#microsoft#chrome

Today, the Internet Explorer (IE) 11 desktop application goes out of support and will be retired for certain versions of Windows 10.

The retirement consists of two phases. During the first phase—the redirection phase—devices will be progressively redirected from IE to Microsoft Edge over the following months.

The second phase of retirement is the Windows Update phase. After the redirection phase completes, IE will be permanently disabled through a future Windows Update on all devices with Windows platforms that are in-scope for IE retirement.

History

Microsoft’s Internet Explorer 1.0 saw the first websites in August 1995. In 2003, Microsoft said goodbye to the standalone version of the browser, but Internet Explorer continued as a part of the evolution of the operating system, with updates coming bundled in operating system upgrades.

Over the following years, despite everything Microsoft tried, Chrome took over as the most used browser. With Windows 10, Edge became the default Microsoft browser, but Internet Explorer could still be found in the Windows Accessories folder.

While Edge started out based on Microsoft’s EdgeHTML browser engine, it later switched to a Chromium-based model.

After all this, Microsoft felt it was time to phase out Internet Explorer.

Platforms

For now the retirement is only partial, even for Windows 10. In scope at the time of this announcement.

Internet Explorer 11 desktop application delivered via the Semi-Annual Channel (SAC):

  • Windows 10 client SKUs
  • Windows 10 IoT

Out of scope at the time of this announcement (unaffected):

  • Internet Explorer mode in Microsoft Edge
  • Internet Explorer platform (MSHTML/Trident), including WebOC and COM automation
  • Internet Explorer 11 desktop application on:
    • Windows 8.1
    • Windows 7 Extended Security Updates (ESU)
    • Windows Server SAC (all versions)
    • Windows 10 IoT Long-Term Servicing Channel (LTSC) (all versions)
    • Windows Server LTSC (all versions)
    • Windows 10 client LTSC (all versions)
    • Windows 10 China Government Edition

In-market Windows 10 LTSC and Windows Server are also unaffected by this change. Windows Server 2022 and Windows 10 Enterprise LTSC 2021 are also out of scope.

The end

During the first phase, users will find themselves redirected from IE to Microsoft Edge. This will not happen for all devices at the same time, which gives organizations a chance to identify and resolve any potential issues, such as missed sites, before the redirection happens on all devices within an organization.

The second phase of retirement is the Windows Update phase. After the redirection phase completes, IE will be permanently disabled through a future Windows Update on all devices with Windows platforms that are in-scope for IE retirement.

Given the cumulative nature of Windows Updates, IE disablement will persist in subsequent Windows Updates.

For those that can’t wait to get rid of Internet Explorer, Microsoft has published a blog to explain how to move forward. It’s also worth reading for system administrators that want to prepare for the second phase of the retirement process.

Not so much

Why not uninstall IE entirely, you may wonder. This isn’t recommended as Internet Explorer mode relies on Internet Explorer 11 to function. IE mode on Microsoft Edge makes it easy to use all of the sites your organization needs in a single browser. It uses the integrated Chromium engine for modern sites, and it uses the Trident MSHTML engine from Internet Explorer 11 for legacy sites.

Support for IE mode follows the lifecycle of current and future Windows client, Windows server, and Windows IoT releases (including Windows 11) at least through 2029.

Security angle

While your first response to the news might have been a sigh of relief, the stage exit of Internet Explorer does not bring any immediate security improvements. The holy grail of backward compatibility has thrown a wrench in the Microsoft works before and it will probably continue to do so, as long as we are afraid to say goodbye to legacy technology in a decisive manner.

Switching to a more secure platform makes all kinds of sense, but it is held back if we keep on using the old, less secure platform on the side. Threat actors will prey on the old platform as long as it is in use.

Researchers will find vulnerabilities in Internet Explorer related files that need to stay on the system even if someone doesn’t use Internet Explorer anymore. And system administrators will find endpoint and/or users that need to keep Internet Explorer because there is some legacy resource that requires it.

Malwarebytes: Latest News

Meta takes down more than 2 million accounts in fight against pig butchering