This coming Tuesday will see the Internet Explorer end of life for three versions of Microsoft's Web browser --...
8, 9 and 10 -- depending on which Windows software is being run. One expert said enterprises may have more trouble sunsetting the older browsers because of custom Web applications.
As part of the next Patch Tuesday release coming Jan. 12, Microsoft will deliver a cumulative security update for the three IE browsers, along with an upgrade notification warning that end of life has been reached and no further security updates will come for those browsers.
Microsoft noted that users on Windows Vista SP2 and Windows Server 2008 SP2 will still receive security updates for IE 9 and 10, and Windows Server 2012 users will still get security updates for IE 10. All users on other supported versions of Windows are recommended to upgrade to IE 11.
Craig Young, security researcher for Tripwire, based in Portland, Ore., said there is still a sizeable number of users and enterprises using these older versions of Internet Explorer.
"According to estimates from netmarketshare.com, about 20% of observed Web requests come from IE 8 to 10, and I doubt these figures will change significantly before the Jan. 12 end of support. Even after the cutoff, cyberattackers can learn new attack techniques by analyzing future IE 11 updates," Young said. "The major challenge, however, will be sunsetting the older browsers in enterprise environments, because many organizations use custom Web applications designed for a specific version of IE."
Microsoft is attempting to mitigate this issue as well with Enterprise Mode for Internet Explorer 11, which the company claimed "offers enhanced backward compatibility and enables you to run many legacy Web apps during your transition to modern Web standards."
In order to help customers extend existing Web app investments while using IE 11, Microsoft said Enterprise Mode will be supported through Jan. 14, 2020, on Windows 7.