Microsoft to limit support for Internet Explorer to 'most current version'


Microsoft By Sriram Srinivasan, 7Safe Cyber Security Consultant | 30 September 2015

 

In Aug 2014 Microsoft updated its Support Lifecycle policy <https://support.microsoft.com/en-us/gp/microsoft-internet-explorer> for Internet Explorer. The crux of this policy is that “Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates…” 

Internet Explorer is a component of the Windows operating system it runs on, where Microsoft defines a component to be “a set of files or features that are included with a Microsoft product, whether it is shipped with the product, included in a product service pack or update, or later made available as a web download for the product.” Effectively, Internet Explorer is tightly coupled with the operating system and the functionality and security of the browser are highly dependent on the operating system it runs on (and vice-versa, the version of Internet Explorer running on an operating system can introduce security vulnerabilities).  In an effort to streamline the myriad of operating system and browser combinations and to move towards combinations that offer the best mix of security and compatibility, Microsoft has been nudging users to upgrade. 

What are the implications for a typical organisation?

Organisations should ensure that they are running a supported Windows operating system and Internet Explorer combination to ensure that they continue to be supported and secure. They need to ensure that their version of a Windows operating system is supported, and then subsequently ensure that they have upgraded to the latest version of Internet Explorer for their supported operating system version. 

The list of operating system and browser combinations that will be supported after Jan 12, 2016 is provided in Microsoft’s Internet Explorer support policy page <https://support.microsoft.com/en-us/gp/microsoft-internet-explorer>

Windows Desktop Operating Systems

Internet Explorer Version

Windows Vista SP2

Internet Explorer 9

Windows 7 SP1

Internet Explorer 11

Windows 8.1 Update

Internet Explorer 11

 

Windows Server Operating Systems

Internet Explorer Version

Windows Server 2008 SP2

Internet Explorer 9

Windows Server 2008 IA64 (Itanium)

Internet Explorer 9

Windows Server 2008 R2 SP1

Internet Explorer 11

Windows Server 2008 R2 IA64 (Itanium)

Internet Explorer 11

Windows Server 2012

Internet Explorer 10

Windows Server 2012 R2

Internet Explorer 11

 

Windows Embedded Operating Systems

Internet Explorer Version

Windows Embedded for Point of Service (WEPOS)

Internet Explorer 7

Windows Embedded Standard 2009 (WES09)

Internet Explorer 8

Windows Embedded POSReady 2009

Internet Explorer 8

Windows Embedded Standard 7

Internet Explorer 11

Windows Embedded POSReady 7

Internet Explorer 11

Windows Thin PC

Internet Explorer 8

Windows Embedded 8 Standard

Internet Explorer 10

Windows 8.1 Industry Update

Internet Explorer 11

Many organisations have invested heavily in business applications that have dependencies on specific versions of Internet Explorer. Microsoft is encouraging these organisations to migrate their applications and has released an “Enterprise mode for IE 11” that offers better backward compatibility. If an organisation is constrained in its ability to upgrade due to dependencies on other systems or legacy applications, then it is important to conduct a risk assessment and to identify any additional mitigating controls to reduce the risk to acceptable levels. For example, if an unsupported browser is only ever going to access applications on an isolated internal network then the risk may be acceptable or mitigated with additional controls on the host or network, but this may not be acceptable if there is connectivity to the internet. Unfortunately, there is no “one size fits all” approach and every organisation’s approach will need to be specific to its particular risk profile. 

 
"Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates."

« BACK

« Back