More than a year ago, computer users around the world were disappointed by the news, that Microsoft will stop the technical support and maintenance of the Windows XP operating system. What it means? It means, that Microsoft had stopped blocking vulnerabilities, fixing bugs and providing assistance on issues related to the XP OS. Many users expected some kind of apocalypse, with millions of infected PCs and inability to use XP - but nothing happened. True fans of XP still use it. But now there are new concerns related to the product of Microsoft, this time the older versions of Internet Explorer are under threat. On January 12, the support for older versions of Internet Explorer (8, 9 and 10) had been completely dropped.
Last Tuesday the first set of Microsoft patches in 2016 was released, and the maintenance of outdated versions of IE has been permanently discontinued. Microsoft warned users about this event more than a year ago, in order to have time to prepare everything and move to a new version of the browser. But, as it was expected, many users, both private and corporate, are going to continue to operate the older versions of IE, in spite of the withdrawal of support. Thus, according to Netmarketshare.com, the share of IE 11 now account for more than 25.5% of the browser market, on IE 8, 9 and 10 taken together - about 20%. According to the data of Duo Security services, the overall rate for IE 9 and 10 running on Windows 7, 8, or 8.1, it is even higher - about 37%.
Craig Young, an expert on Internet security from Tripwire, commented: "The difference between using the vulnerabilities of the browser and vulnerabilities of the OS is, that for a successful exploit of OS vulnerabilities, the attacker needs to advance access to the local network, or to provoke a user to open a malicious file. Browser, due to the nature of its work, is constantly processing data from potentially untrusted sources, and opens up tremendous opportunities for the attackers. "
It should be noted, that Microsoft continued to work on IE to the deadline, every Tuesday releases dozens of patches. Unfortunately, this work actually will come to nothing, because in order to discover a new, previously unnoticed vulnerability in older versions of IE, the attackers only need a little patience. They are preparing for this time for a year and a half. They knew, that many users don't want to, or for some reason can't change the familiar browser. Hackers had enough time to prepare and collect data about the vulnerabilities. Michael Hanley, head of research and development of Duo Security expects, that 2016 will bring thousands of attacks against IE 8, 9 and 10.
Craig Young also said that we should not expect massive attacks on IE immediately after the cessation of support. Hackers can't store data about the vulnerabilities, not knowing exactly which patches will be released. But to get the latest data, they could just wait for the next patch for IE 11, because according to the Tripwire VERT database of vulnerabilities, more than 60% of the vulnerabilities fixed in IE 11, were present in earlier versions.
Why respected IE users do not want to update their browsers? It's all about application compatibility. Many applications used by large organizations are specifically optimized to work with older versions of IE. This means, that the heads of IT-departments have a difficult decision: to create a new package of software and applications, designed for newer browsers, or to put their systems at risk, leaving the potentially vulnerable browsers in operation.
In theory, at the organizational level, this problem can be solved by means of total control of web-surfing. If the employee will attend only the web sites, required for his job, which a priori can't threaten the safety of his PC, the browser vulnerability won't manifest itself. But during the lunch, when everyone uses his computer for entertainment, the vulnerability will show itself in all its glory. Alas, completely prohibit employees to use the Internet during breaks rather problematic. It is really interesting to see what way those organizations will choose. What do they prefer: the risk of burglary and resentment of employees, or major expenditures on the new software?
Mr. Young said, that this time, the users who use the auto update of Microsoft programs, are in a much more comfortable position than corporate users. They will not face the problems of compatibility of specialized programs and applications, and, most likely, they already use IE 11.
So, from January 12, the Internet Explorer (versions 8, 9 and 10) has become a serious breach in the security of your operating system. If from that time you did not upgrade your browser, and now you notice any signs of infection by the hijackers or adware, you need to take immediate actions to clean up the computer. On PCFixHelp.net, you will find the latest news about the most dangerous viral software, and safest techniques to remove them.
Source : articlesbase.com
0 comments:
Post a Comment