Only 5 days left until versions 8, 9 and 10 of Internet Explorer reach end-of-life and leave late IE 11 adopters exposed to specific exploits. And this is not an understatement, Internet Explorer has quite a reputation – it was plagued over the years with many critical vulnerabilities, including remote code execution, elevation of privilege, information disclosure and security feature bypass.
Security risks of using outdated IE
Microsoft announced the end of support date well over a year ago but, based on usage statistics, millions of people still explore the Internet on the outdated browser. Internet Explorer is the fourth most used browser in the world, with a 12. 5% market share in December 2015, according to W3Schools.
More specifically, in the past 12 months, IE 8 owned 1.13% of the market while IE had 9 0.88% and IE 10 0.85%, as StatCounter reports.
A few details about the soon-defunct browsers:
Internet Explorer 8 – released in 2009, it was the newest version of IE to run on Windows XP, supported on Vista, Windows 7, and Windows Server 2003, 2008 and 2008 R2.
Internet Explorer 9 – was released to the public on March 14, 2011 as a major out-of-band version, not tied to the release schedule of any particular version of Windows, unlike previous versions.
Internet Explorer 10 – the default browser of Windows 10, it was first announced in 2011.
In 2015, Internet Explorer 9 through 11 also ranked seventh among the most vulnerable software programs in use. Not an appalling position, considering that Mac OS X, iPhone OS and Flash Player made it to top three.
Over 25% of the 231 vulnerabilities found in IE referred to remote code execution, a vulnerability allowing attackers to execute arbitrary code in a privileged context or cause a denial of service.
That is one reason why Microsoft recommends updating to its new Internet Explorer 11.
Internet Explorer 11 is more secure than older versions,” Microsoft says. “For example, independent security firm NSS Labs found in 2010 that Internet Explorer 8 blocked about 85% of socially-engineered malware, but more recently reported a 99% block rate for Internet Explorer 11. With security features like SmartScreen and Enhanced Protected Mode, Internet Explorer 11 significantly reduces risk.”
But we’ve seen that IE 11 isn’t 100% safe either. In July 2015, Hacking Team leaked emails revealing that through CVE-2015-2425, an IE zero-day, an exploit could crash Internet Explorer 11 every time it is loaded and, with certain privileges, run any code on the system.
Home users versus enterprise customers
For home users, it’s pretty simple. With Automatic Updates turned on, all they have to do is wait. To turn on Automatic Updates, click the Check for Updates button on the Windows Update portion of the Control Panel.
For small businesses and enterprises, the cost of upgrading is an issue – they need to test and repair web apps, if needed. To help, Microsoft added several resources such as Tips and tricks to manage Internet Explorer compatibility and IE 11. But time will tell and show how many of them did their homework and are 100% ready to migrate.
Will you be moving to IE 11 soon?