
Internet Explorer support for old versions is over. What now?

Microsoft stopped supporting Internet Explorer prior to version 11, but the web browser is still present in many organizations. IT must come up with a plan for browser security.

In early 2016, Microsoft announced plans to stop supporting versions of Internet Explorer that came before IE 11. The change, which took effect January 12, presents a security problem for Windows 7 machines that haven't been upgraded to Internet Explorer version 11 yet.

The end of support created many Internet Explorer (IE) security risks, because Windows 7 systems running IE below version 11 are the most prevalent systems in businesses today. Even organizations with policies that bar older versions of Internet Explorer often have some hanging around to support legacy web applications or other business purposes.

What should IT do?

IT shops have a few options at their disposal to limit the risks of running IE below version 11. The first, and least advisable, option is to accept the risk and hope nothing bad happens. Obviously, hope alone is not a viable long-term security strategy; all it takes is one user clicking the wrong link on an older version of Internet Explorer to compromise a company's entire network.

More realistically, IT can take an inventory and upgrade all its web browsers to Internet Explorer version 11, Microsoft Edge or a third-party web browser such as Firefox or Chrome. IT might also choose to accept the risks if there is a compensating control in place, such as positive security whitelisting.
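For the inventory step, the following PowerShell is an added example, not part of the original tip. It reports the Internet Explorer version installed on the machine it runs on and flags anything below version 11. It assumes IE records its version under `HKLM:\SOFTWARE\Microsoft\Internet Explorer`, and the function name `Get-IEVersion` is hypothetical.

```powershell
# Added example: report the locally installed Internet Explorer version.
# Written to run on PowerShell 2.0, the version that ships with Windows 7.

function Get-IEVersion {
    # Assumption: IE stores its version in this registry key.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { return $null }

    # On IE 10 and later the real version is in "svcVersion"; the older
    # "Version" value stays at 9.10.x or 9.11.x, so reading it alone would
    # report a fully updated machine as IE 9.
    $raw = $props.svcVersion
    if (-not $raw) { $raw = $props.Version }
    if (-not $raw) { return $null }

    return [version]$raw
}

$ie = Get-IEVersion

if ($null -ne $ie) {
    $versionText = $ie.ToString()
    $unsupported = ($ie.Major -lt 11)   # anything before IE 11 is out of support
} else {
    $versionText = 'not found'
    $unsupported = $false
}

$report = New-Object PSObject -Property @{
    ComputerName = $env:COMPUTERNAME
    IEVersion    = $versionText
    Unsupported  = $unsupported
}

# Emit one row per machine; collect the rows with your management tooling.
$report | Select-Object ComputerName, IEVersion, Unsupported
```

Run through a login script or a software-management agent, the output can be piped to `Export-Csv` to build the upgrade list.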

Nobody is out of the woods

Even if an IT shop standardizes the company on a third-party web browser, the end of Internet Explorer support is likely still an issue. Odds are older versions of Internet Explorer are still in the business somewhere because users don't always follow the rules. IT can fight against these rogue users and make sure all versions of Internet Explorer prior to version 11 are disabled under Control Panel/Programs and Features/Turn Windows features on or off.

Unfortunately, some users actually need older versions of IE to run certain apps. And because many vendors don't bother to update their apps to support new operating systems and web browsers, the presence of older versions of IE is often unavoidable.

As a result, addressing this issue is a crucial security project because it's almost impossible to eradicate every instance of older IE versions. IT should use its IE security strategy as a starting point to develop a formal set of standards for all of its enterprise desktops.

Don't ignore the security ramifications of running versions of Internet Explorer prior to version 11. The last thing a company wants is a big security incident IT could have prevented with a little planning and foresight.
