In early 2016, Microsoft announced plans to stop supporting versions of Internet Explorer that came before IE 11. The change, which took effect January 12, presents a security problem for Windows 7 machines that haven't been upgraded to Internet Explorer version 11 yet.
The end of support created a lot of Internet Explorer (IE) security risks because Windows 7 operating systems with IE below version 11 are the most prevalent systems in businesses today. Even organizations with policies that bar older versions of Internet Explorer often have some hanging around to support legacy web applications or other business purposes.
What should IT do?
IT shops have a few options at their disposal to limit the risks of running IE below version 11. The first, and most inadvisable, option is to accept the risk and hope nothing bad happens. Obviously, hope alone is not a viable long-term security strategy; all it takes is one user clicking the wrong link on an older version of Internet Explorer to compromise a company's entire network.
More realistically, IT can take an inventory and upgrade all its web browsers to Internet Explorer version 11, Microsoft Edge or a third-party web browser such as Firefox or Chrome. IT might also choose to accept the risks if there is a compensating control in place, such as positive security whitelisting.
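One way to take that inventory, shown as an added example that is not part of the original article: the script reads the IE version from the registry on each machine and flags anything below version 11. The host names you pass in are your own, and remote queries assume PowerShell remoting (WinRM) is enabled on the targets.

```powershell
# Added example: inventory Internet Explorer versions and flag anything below IE 11.
# Written without [pscustomobject] so it also runs on the PowerShell 2.0 that ships with Windows 7.

function ConvertTo-IEVersion {
    # IE 10 and later store the real version in 'svcVersion'; on those builds
    # 'Version' reads 9.10.x or 9.11.x, so prefer 'svcVersion' when it exists.
    param([string]$SvcVersion, [string]$Version)
    $raw = if ($SvcVersion) { $SvcVersion } else { $Version }
    if (-not $raw) { return $null }
    try { [version]$raw } catch { $null }
}

function Get-IEInventory {
    # ComputerName defaults to the local machine; pass a list of hosts to query remotely.
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    # Runs on the target machine and returns the two raw registry values.
    $readKey = {
        $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{ SvcVersion = $p.svcVersion; Version = $p.Version }
    }

    foreach ($name in $ComputerName) {
        $ver = $null
        try {
            if ($name -eq $env:COMPUTERNAME) {
                $reg = & $readKey
            } else {
                $reg = Invoke-Command -ComputerName $name -ScriptBlock $readKey -ErrorAction Stop
            }
            $ver = ConvertTo-IEVersion -SvcVersion $reg.SvcVersion -Version $reg.Version
            if (-not $ver)              { $status = 'IE version not found' }
            elseif ($ver.Major -lt 11)  { $status = 'Unsupported (below IE 11)' }
            else                        { $status = 'OK' }
        } catch {
            # An unreachable host is reported, not skipped, so it stays on the to-do list.
            $status = "Unreachable: $($_.Exception.Message)"
        }
        New-Object PSObject -Property @{ Computer = $name; IEVersion = $ver; Status = $status } |
            Select-Object Computer, IEVersion, Status
    }
}

# Local machine by default; supply your own host list with -ComputerName.
Get-IEInventory | Format-Table -AutoSize
```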
Nobody is out of the woods
Even if an IT shop standardizes the company on a third-party web browser, the end of Internet Explorer support is likely still an issue. Odds are older versions of Internet Explorer are still in the business somewhere because users don't always follow the rules. IT can fight against these rogue users and make sure any or all versions of Internet Explorer prior to version 11 are disabled under Control Panel/Programs and Features/Turn Windows features on or off.
Unfortunately, some users actually need older versions of IE to run certain apps. And because many vendors don't bother to update their apps to support new operating systems and web browsers, the presence of older versions of IE is often unavoidable.
As a result, addressing this issue is a crucial security project because it's almost impossible to eradicate every instance of older IE versions. IT should use its IE security strategy as a starting point to develop a formal set of standards for all of its enterprise desktops.
Don't ignore the security ramifications of running versions of Internet Explorer prior to version 11. The last thing a company wants is a big security incident IT could have prevented with a little planning and foresight.