After many years drop and The final calm Over the past 13 months, Microsoft on Wednesday confirmed the retirement of Internet Explorer, the company’s long-standing and increasingly infamous web browser. Introduced in 1995, IE has been preinstalled on Windows computers for nearly 20 years, and like Windows XP, Internet Explorer has become mainstream — so much so that when users need to upgrade and move on, they often don’t. While last week’s milestone will see more users abandon the time-honored browser, security researchers stress that IE and its many security flaws are far from gone.
Over the next few months, Microsoft will disable the IE app on Windows 10 devices, directing users to its next-generation Edge browser, which was first released in 2015. However, the IE icon will still remain on the user’s desktop, and Edge includes a service called “IE Mode” to preserve access to legacy websites built for Internet Explorer. Microsoft says it will support IE mode until at least 2029. Additionally, IE currently still runs on all supported versions of Windows 8.1, Windows 7 with Microsoft’s Extended Security Updates, and Windows Server, although the company says it will eventually phase out IE on these, too.
Seven years after Edge’s debut, industry analysis express Internet Explorer may still hold more than 0.5% of the total global browser market share. In the U.S., it could be closer to 2 percent.
Ronnie Tokazowski said: “I do think we’ve made progress and we may not see as many exploits for IE in the future, but for a long time we will still have remnants of Internet Explorer that crooks can exploit These vulnerabilities.” is a longtime independent malware researcher and lead threat advisor at cybersecurity firm Cofense. “Internet Explorer as a browser will disappear, but parts of it still exist.”
For something as long as IE, it’s hard to balance backwards compatibility with the desire for a whiteboard. “We haven’t forgotten that some parts of the web still rely on Internet Explorer-specific behaviors and features,” said Sean Lyndersay, general manager of Microsoft Edge Enterprise, wrote On Wednesday’s IE retrospective, point to IE mode.
But he added that it does need to start over with Edge rather than trying to save IE. “The web has evolved, and so have browsers,” he wrote last week. “The incremental improvements in Internet Explorer can’t be compared to the overall improvements across the web, so we’re starting over.”
Microsoft says it will still support IE’s underlying browser engine, called “MSHTML,” and it’s eyeing a version of Windows that is still “used in critical environments.” However, Maddie Stone, a researcher with Google’s Zero Vulnerability Search team, point out Hackers are still exploiting IE vulnerabilities for actual attacks.
“Internet Explorer 0 days per year has been pretty steady since we started tracking 0 days in the wild. 2021 is actually tied with 2016 for the craziest Internet Explorer 0 days we’ve tracked, despite the fact that Internet Explorer’s popularity among web browser users is Market share continues to decline,” she said wrote April, referring to a previously unknown vulnerability known as a zero-day vulnerability. “Even if users don’t use Internet Explorer as their Internet browser, Internet Explorer is still a mature attack surface for initial entry into Windows machines.”
In her analysis, Stone specifically noted that while the number of new IE exploits detected by Project Zero has remained fairly steady, over the years attackers have turned to increasingly targeting via malicious files such as tainted Office documents MSHTML browser engine. This may mean that neutering IE applications will not immediately change the trend of attacks that have already occurred.
Given the difficulty of controlling Internet Explorer, Microsoft and IE users around the world must have come a long way. But for a browser that should be dead, IE is still full of life.