Microsoft Upgrades Internet Explorer Security


An upcoming update for Internet Explorer will add a new security feature that blocks out-of-date ActiveX controls. In a move described by Microsoft as being specifically about ActiveX, the new feature will be managed by means of an active blocklist. At this early stage the list contains just one offender – Oracle’s Java ActiveX control – but Microsoft says more will be added as other vulnerabilities are released or discovered.

That Java should make the blocklist initially and immediately is hardly a surprise; older versions of the plugin have presented a common attack vector for some time. Even Microsoft’s own research estimates that between 84.6% and 98.5% of all web-based exploits during 2013 took advantage of Java vulnerabilities. So, it makes sense that even blocking out-of-date Java plugins has the potential to dramatically improve security for end-users.

The block will not present an immutable barrier, though; Internet Explorer will provide the user with the ability to override it on a one-off basis. Additionally, it will not apply to the Local Intranet Zone and Trusted Sites Zone, which will allow business customers to maintain compatibility by continuing to use obsolete plugins where no viable alternative exists.

According to a recent blog post from Fred Pullen, IE’s product manager, and Jasika Bawa, security program manager, the out-of-date ActiveX blocking feature will allow users to:

  • Know when Internet Explorer prevents a Web page from loading common, but outdated, ActiveX controls.
  • Interact with other parts of the Web page that aren’t affected by the outdated control.
  • Update the outdated control, so that it’s up-to-date and safer to use.
  • Inventory the ActiveX controls your organization is using.

However, those running older systems will not be able to take advantage of the new feature, with support restricted to the following configurations:

  • On Windows 7 SP1, Internet Explorer 8 through Internet Explorer 11
  • On Windows 8 and up, Internet Explorer for the desktop

This feature does not warn about or block ActiveX controls in the Local Intranet Zone or Trusted Sites Zone.

Is Internet Explorer the most Insecure Browser?

That Internet Explorer is the most insecure browser is a common perception, but is it perhaps a popular misconception? In my opinion, it’s largely a hangover from the old IE6 days and, as far as security is concerned, current IE versions compare favorably with competitor browsers.


A recent “PWN2OWN” competition, run back in March this year, appears to confirm this notion, showing that, while Internet Explorer was certainly susceptible to attack, Firefox fared worse and Chrome and Safari were also far from immune.

So, while Internet Explorer is certainly not perfect, neither are its main competitors, and IE’s security is nowhere near as comparatively inferior as some might have you believe.

End-of-Support for Older Internet Explorer Versions

In line with Microsoft’s efforts to bring all users up-to-date with the latest Internet Explorer versions, a recent IEBlog post announced end-of-support dates for older configurations. As of January 12th 2016, only the following operating systems and browser version combinations will continue to be supported:

Credit: Microsoft


After January 12, 2016, only the most recent version of Internet Explorer available for a supported operating system will receive technical support and security updates. For example, customers using Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 on Windows 7 SP1 should migrate to Internet Explorer 11 to continue receiving security updates and technical support.

How Much Would You Pay to Extend Your XP Support?

Last but not least, this amazing piece of information courtesy of The Guardian – apparently, the UK and Dutch governments have paid Microsoft multiple millions to extend support for Windows XP past the April 8th cutoff date. The UK extension cost a cool £5.5m (that’s pounds folks, not dollars) for just one year, after which public-sector users will have to be moved to newer software.

Oh well, it’s only taxpayers’ money, plenty more where that came from.


About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.
