Microsoft warned that it would be ending long-term support for older versions of its Internet Explorer browser, only keeping the latest compatible versions on various operating systems up to standard. That roll-out has now begun with the latest update, which has seen a number of vulnerabilities left open on versions of IE 7, 8, 9 and 10.
Patches for Internet Explorer 11 and Edge went out on Tuesday this week, but most older versions of Internet Explorer did not receive the same update. If you’re using Vista, then IE9 is ok for now, but that’s the oldest version that has had any tweaks to it. 7 and 8 are the Wild West now with plenty of unperformed fixes that leave users vulnerable to attack.
Although Microsoft hasn’t been exact about which vulnerabilities and how many of them are still present on older versions of the browser — that would make things too easy for malware makers — it did fix as many as 13 different bugs in IE11 and Edge earlier this week, which means an equivalent number of vulnerabilities could be present in older versions of IE.
And as PCWorld explains, it won’t take much for nefarious actors to figure out what the patch has fixed and more importantly, what it has left unfixed in the older browsers. A quick look at code before and after the update should give them all the information they need to begin cracking open older browsers and releasing malware that directly attacks those vulnerabilities.
This is why it is so important to patch your browsers and update to newer standards if you can. It’s also the reason Microsoft started from scratch with its Edge browser, as it would not share any code with Internet Explorer and would therefore be immune to any bugs that were eventually found there.
Of course you’re free from all worries with Microsoft bugs if you’re using Chrome, Firefox or some other alternative, but they have their own vulnerabilities to worry about.