Naked Security

Internet Explorer 11 – now the only way to go

It's finally happened: on desktop Windows 7 and later, you will only get security patches for Internet Explorer 11. Older IEs will retain their unpatched zero-days for ever.

Last week we warned you about the impending end of Internet Explorer versions earlier than 11.

As many as 10% of users in the world still seem to be running Windows XP, which hasn’t been patched against security holes (privately or publicly known) since mid-2014. Our concern is that equally many people on Windows 7 may take a similar attitude and resist upgrading to Internet Explorer 11, on the grounds that “the old one still works, so why risk changing anything?”

The problem, for desktop Windows users at any rate, is that the Internet Explorer cumulative update that was published by Microsoft on Tuesday 12 January 2016 (MS16-001) is the last ever update for Windows 7 that will patch IE 8, 9 and 10.

Those versions, plus IE 7, are still supported on some legacy server and embedded platforms, and will therefore continue to get updates on those platforms.

But desktop users who insist on sticking with older versions of IE will, loosely speaking, have a browser that contains zero-days for ever.

There won’t be any patches unless you are on IE 11, and that means any security holes in earlier versions of IE that become known to cybercrooks will be exploitable for ever.

There may be – indeed, there probably will be – hacks published that let you scrape IE updates from the Windows versions where older IEs are still supported, such as the latest builds of Windows Server 2008 R2, and bodge them onto your laptop.

This is a bit like the “patches” for XP that determined holdout users liked to repurpose from Windows Server 2003, until Server 2003 fell off the edge of the world as well.

We urge you not to go down the home-made patch route, at least not for real-world use, no matter how cool it might feel if you can pull it off.

If you have legacy web apps that still won’t work on the latest Internet Explorer – and IE 11 has already been around for six months longer than XP has been retired – then please don’t blame Microsoft.

Blame the web app vendor, especially if they’re still charging you licensing fees for software that hasn’t kept up with security improvements in the web world.

💡 See the supported versions and end-of-life information for IE ►

PS. Don’t forget that Windows 8 is officially kaput now, too. You need to update to 8.1, or upgrade to 10. Both options are free, so we can’t think of a good reason why you wouldn’t choose one of them. Oh, and although the headline says “the only way to go,” we mean specifically for IE. Windows 10 comes with the Edge browser, which is a fully-supported alternative to IE. Lastly, don’t forget that even if you use Edge or a third-party browser like Chromium or Firefox on a day-to-day basis, IE is still there on your computer and needs updating, because it is an official component of Windows.

3 Comments

I can’t imagine there are a lot of people using IE at this point, except for the terminally inept. There are a few older intranet apps that require some version of IE, so even under Windows 10 there will continue to be a need (yes, it is still in Win10).

Why? What is “inept” about using IE 11? People love to bash IE, but it always seems to end up ad hominem, namely that only fools use IE, therefore IE is bad.

Anyway, you should probably read the article, where we clearly state that IE is in Windows 10, and where we remind you that *you have IE on your computer as part of Windows* even if you prefer to use Firefox, so this article applies to you even if you are much cleverer than everyone else in your choice of browser. Especially, in fact.

If you truly think that the insecurities in IE 11 are so severe that it is “inept” to use it – fighting word! – then you probably need to provide some polite, objective, up-to-date and meaningful reasons why.

I tried to update yesterday but it failed, even after the app said my computer was compatible. I re-tried when it said it wanted to, and it failed a second time, only it didn’t say so, it just stalled. My computer is a Dell XPS and I’ve had it since June, 2008. Everything’s been fine until now, it’s been a fabulous computer. Do I now have to buy another $3,000 computer or is there a workaround?
