Microsoft ends support for multiple Internet Explorer versions

Microsoft's Internet Explorer, with versions older than 11, is going to be left without any support as of today, January 12.

That means no patches, no security and other fixes. The American software giant has been pretty vocal about it, encouraging users to switch to Internet Explorer 11 or Edge, which come with the Windows 10 operating system.

However, according to some media reports, people have been really slow at transitioning to the new browser, and with many businesses still using Internet Explorer 10 and older, this represents a big security risk.

According to a BetaNews article, old versions of IE are still widely used: "Security analysts fear that with Internet Explorer 9 and 10 accounting for 36 per cent of IE and Edge use, and with more than 160 vulnerabilities discovered in Internet Explorer in the last three years, there are risky times ahead,” it says in the report.

The report also cites business community Manta, which had said that more than 60 per cent of businesses using Internet Explorer haven’t updated.

“With an estimated 34 per cent of SMBs found to be Internet Explorer users, there are an awful lot of people at risk if they fail to update their software soon."

Security firm Duo was fast to react, stressing just how important it is to update your software on time: “All it takes is one vulnerable device accessing your network to put your entire organisation at risk of a data breach. But with visibility into the types of risky devices accessing your network, you can create and enforce data-driven policies to secure your company.”

Steve Donald, Chief Technology Officer at Hexis Cyber Solutions commented on what users can do to stay safe during the IE upgrade:

"Running an unsupported or unpatched version of Internet Explorer is like leaving your car unlocked in public – an extremely preventable risk. The vast majority of cyber-attacks are content delivered or displayed within a web browser. While there may be operational reasons for keeping an older, unsupported version of the software, there are significant risks in not maintaining the latest web browser and running regular updates.

"To navigate this latest change, take advantage of the automatic updates within Windows. Remember, Microsoft will not send unsolicited email requesting personal information or asking you to follow web-links. As a result, be wary of attackers that leverage the chaos during support changes to dupe people into installing malware or giving away personal information. For example, alarmist emails that warn you to open an attachment or risk losing all internet access. Or phone calls from “tech support” that lead you through the update process and ask for usernames, passwords or computer information.

"Within the enterprise world, many organisations may circulate internal emails about the need to update with instructions on how. These organisations need to be aware that attackers will mimic or spoof communications and follow best practice in IT change management.

"This includes not distributing software via email or third-party sites, using signed or authenticated emails from IT and posting any update instructions on internal sites with proactive communication regarding updates."

UPDATE: Louis Pienaar, head of managed and professional services at Exponential-e commented: "Most users will simply open up the most convenient browser on their workstation and get on with their web experience. Combined, the older versions of Internet Explorer still make up 19.8 per cent of the web traffic, so not making a conscious choice is about to get a whole lot more dangerous!

"But there is a more sinister problem than users who just haven’t bothered to upgrade – many IT departments still mandate the use of the older Internet Explorer versions. IT departments picked a version that they were happy with, then developed all of their web interfaces to suit and never looked back – or ahead. Unfortunately, IE 8, 9 and 10 were created in a time when the Internet was much simpler, arguably safer, and a whole lot smaller.

"Going forwards, every IT team should aim to implement an upgrade policy, as newer browsers are faster, safer and generally better all around. However, organisations cannot rely on their staff to update their devices.

"As such, care must be taken to isolate, monitor and quarantine the older browsers, as without official support, they will no longer receive much needed security updates and will increasingly pose a significant security risk to corporate networks."