We are at yet another Microsoft-imposed deadline, which heralds the end of support for outdated software. Next Tuesday will bring the first batch of Microsoft security bulletins for 2016 and it will also mark the end of security support for Internet Explorer versions 8, 9 and 10. Microsoft made the call almost 18 months ago, giving all of their customers and businesses ample time to prepare for the day when those versions of IE, battered by zero-days, exploit kits and targeted attacks, should be retired.
In reality, however, many users out there are either unwilling or unable to comply with these deadlines. This does not mean that we shouldn't take notice and shouldn't take Tuesday’s deadline seriously. In fact even if you aren't using IE on your own machine you should still be aware of the risks as they may potentially put businesses at risks and therefore may put your own personal data at risk as well!
Statistics from a number of sources show us that there is still a significant percentage of web traffic moving through IE. Netmarketshare.com, for example, says that while IE 11 holds more than 25 percent of market share, IE 8, 9 and 10 combined still account for more than 20 percent. Researchers at Duo Security, examining traffic moving through their services, put the percentage a bit higher for IE 9 and 10—almost 36 percent—running on Windows 7, 8, or 8.1.
Given that browsers historically offer hackers a much juicier attack surface than operating systems, folks may want to take Tuesday’s deadline seriously.
“In most cases an attacker will need to already have access to a local network or be able to trick users into opening malicious files as part of a successful attack leveraging Windows XP vulnerabilities,” said Tripwire security researcher Craig Young. “The web browser on the other hand is of course used to constantly process data from potentially untrusted sources leaving users exposed to a wide range of attack.”
Microsoft warns IE users that without action, after January 12, 2016, they will no longer provide security updates or technical support for older versions of Internet Explorer. Noting that security updates patch vulnerabilities that may be exploited by malware, helping to keep users and their data safer. Regular security updates help protect computers from malicious attacks, so upgrading and staying current is important.
For full details on the end of life cycle of Internet Explore and how you can update and protect own system you can Windows lifecycle FAQ sheet