27 years after its launch, and perhaps giving many people their first foray into the World Wide Web, Microsoft officially ended support for Internet Explorer on June 15, 2022. Its last version was Internet Explorer in 2013, before Microsoft began urging users to transition over to Microsoft Edge.
Though the once-popular browser is officially now history as far as Microsoft support goes, adversaries won’t stop attacking it, security experts say.
Running IE without support
If your organization hasn’t already, it should prioritize moving away from IE. Though the browser may not be supported by Microsoft anymore, that won’t stop it from being a target for cyberattacks.
But judging by the fact that Microsoft will continue to support compatibility mode in Edge until 2029, IE likely remains in widespread use.
Running IE past its end of support date means that previously unknown — or worse yet, known but unpatched — vulnerabilities can be exploited going forward. In many cases, Microsoft Edge has replaced IE, but the fact that the MSHTML engine will exist as part of the Windows operating system through 2029 means organizations are at risk of vulnerabilities in the browser engine — even if they are no longer using IE.
According to Maddie Stone, security researcher at Google’s Project Zero bug hunting team, IE has had a fair number of zero-day bugs over the past years, even as its use shrank. Last year, for example, the Project Zero team tracked four zero-days in IE — the most since 2016, when the same number of zero-days were discovered in the browser. Three of the four zero-day vulnerabilities last year targeted MSHTML and were exploited via methods other than the Web, Stone says.
Microsoft says it will support IE mode on its Edge browser through at least 2029 to continue providing access to old websites built for Internet Explorer.
Stay safe
Even if you’re no longer using Internet Explorer to access the web, you’re still at risk if your machine still has Internet Explorer for adversaries to use as a gateway to access your system.
It’s not as simple as just deleting the icon from your desktop.
Prosper Solutions can help find hidden gaps and loopholes in your security architecture and catch problems before they occur. Then we work with you on recommended actions to ensure your organizations security is watertight.
Drop us a line and we’ll have a chat!