Last week we warned you about the impending end of Internet Explorer versions earlier than 11.
Our concern, given that as many as 10% of users in the world still seem to be running Windows XP, which hasn’t been patched against security holes (privately or publicly known) since mid-2014, is that equally many people on Windows 7 may take a similar attitude and resist upgrading to Internet Explorer 11, on the grounds that “the old one still works, so why risk changing anything?”
The problem, for desktop Windows users at any rate, is that the Internet Explorer cumulative update that was published by Microsoft on Tuesday 12 January 2016 (MS16-001) is the last ever update for Windows 7 that will patch IE 8, 9 and 10.
Those versions, plus IE 7, are still supported on some legacy server and embedded platforms, and will therefore continue to get updates on those platforms.
But desktop users who insist on sticking with older versions of IE will, loosely speaking, have a browser that contains zero-days for ever.
There won’t be any patches unless you are on IE 11, and that means any security holes in earlier versions of IE that become known to cybercrooks will be exploitable for ever.
There may – indeed, there probably will be – hacks published that let you scrape IE updates from the Windows versions where older IEs are still supported, such as latest builds of Windows Server 2008 R2, and bodge them onto your laptop.
This is a bit like the “patches” for XP that determined holdout users liked to repurpose from Windows Server 2003, until Server 2003 fell off the edge of the world as well.
We urge you not to go down the home-made patch route, at least not for real-world use, no matter how cool it might feel if you can pull it off.
If you have legacy web apps that still won’t work on the latest Internet Explorer – and IE 11 has already been around for six months longer than XP has been retired – then please don’t blame Microsoft.
Blame the web app vendor, especially if they’re still charging you licensing fees for software that hasn’t kept up with security improvements in the web world.
PS. Don’t forget that Windows 8 is officially kaput now, too. You need to update to 8.1, or upgrade to 10. Both options are free, so we can’t think of a good reason why you wouldn’t choose one of them. Oh, and although the headline says “the only way to go,” we mean specifically for IE. Windows 10 comes with the Edge browser, which is a fully-supported alternative to IE. Lastly, don’t forget that even if you use Edge or a third-party browser like Chromium or Firefox on a day-to-day basis, IE is still there on your computer and needs updating, because it is an official component of Windows.