The specter of Internet Explorer will haunt the Internet for years

After years of severe market share decline, on June 15, Microsoft confirmed it was discontinuing all support for Internet Explorer – the company’s longstanding and notorious web browser.

Launched in 1995, IE has been pre-installed on Windows computers for nearly two decades, and like Windows XP, Internet Explorer has become an “immortal” product – meaning whether it’s time to upgrade or switch to Windows. other versions, the user still chooses to continue using.

And while Microsoft’s announcement last week will drive more users away from IE, security researchers stress that IE and its many security holes are far from gone.

In the coming months, Microsoft will disable the IE app on Windows 10 devices, instructing users to replace it with the Edge browser. However, the IE icon will remain on the user’s desktop, and Edge integrates a feature called “IE mode” to preserve access to old sites built for Internet Explorer.

Microsoft says it will support IE mode at least until 2029. Additionally, IE will still work on all supported versions of Windows 8.1, Windows 7 with Microsoft’s Extended Security (Extended Security). Updates) and Windows Server, although the company says it will eventually phase out IE in those services.

Seven years after the launch of Edge (2015), industry analysis indicates that Internet Explorer may still account for more than 0.5% of the total global browser market share. And in the US, that market share could be closer to 2%.

Ronnie Tokazowski, a longtime malware researcher and principal advisor at cybersecurity firm Cofense said:I think we’ve made a lot of progress and probably won’t see a lot of IE data mining in the future, but there are still remnants of Internet Explorer that scammers can exploit. Internet Explorer as a browser will be gone, but debris remains.”

“Some elements of the web still rely on specific behaviors and features of Internet Explorer”Sean Lyndersay, General Manager of Microsoft Edge Enterprise, said when talking about IE.

But he added that starting over with Edge is better than trying to save IE. “Websites have evolved and so have browsers. Incremental improvements to Internet Explorer might not match the improvements to the web in general, so we started over.“

Microsoft says it will still support IE’s underlying browser engine, called “MSHTML,” and the company will keep an eye out for versions of Windows that are still “used in critical environments.” But Maddie Stone, a researcher with Google’s Project Zero vulnerability team, points out that hackers are still exploiting IE vulnerabilities in ongoing and ongoing attacks.

“Ever since we started tracking Zero-day vulnerabilities, Internet Explorer has had a steady stream of zero-day vulnerabilities every year. 2021 actually equals 2016 in the total number of zero-day vulnerabilities we track, although Internet Explorer’s share of web browser users continues to decline.”Stone revealed in April, zero-day is a term that refers to previously unknown vulnerabilities. “Internet Explorer remains an attractive environment for hackers to break into Windows machines, even if users are not using Internet Explorer as their internet browser.”

In his analysis, Stone specifically notes that while the number of new IE vulnerabilities that Project Zero has discovered has remained fairly stable, attackers have also gradually been targeting the MSHTML browser engine through Malicious files such as infected Office documents. This probably means that killing IE apps won’t immediately change ongoing attack trends.

For a browser that is supposed to be dead, IE still has a lot of influence on the Internet.

Reference: Wired