Today, January 12, is the last time Microsoft will deliver security updates to users who are still using Internet Explorer 8, as well as to most users who are still on versions 9 or 10.

From now on, only the most recent version of Internet Explorer available for a supported operating system will receive technical support and security updates. For example, customers using Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 on Windows 7 SP1 must migrate to Internet Explorer 11 to continue receiving security updates and technical support.

Support will continue for versions 9 and 10, but only where that is the latest version available for your operating system. Here is the current list of supported operating system and browser version combinations:

| Windows Platform | Internet Explorer Version |
| --- | --- |
| Windows Vista SP2 | Internet Explorer 9 |
| Windows Server 2008 SP2 | Internet Explorer 9 |
| Windows 7 SP1 | Internet Explorer 11 |
| Windows Server 2008 R2 SP1 | Internet Explorer 11 |
| Windows 8.1 | Internet Explorer 11 |
| Windows Server 2012 | Internet Explorer 10 |
| Windows Server 2012 R2 | Internet Explorer 11 |

This is a grave concern for law firms. As of today Microsoft will no longer produce security patches for critical vulnerabilities in unsupported versions of the browser. As time goes on, more and more critical security holes will be found, and attackers will have free rein to exploit them. If your firm is running unsupported software, you could be exposed to liability under the Data Protection Act, especially if you are storing personal data on those computers. In addition, the increased chance of your firm’s computers being hacked could open the firm up to a variety of risks, including compromised information security, reputational risks and bogus firms.

Our research has found that at least 25% of law firms are using an unsupported version. Law firms are slow to change, and browser upgrades are no exception to that rule.

To learn more, visit the Microsoft blog.

What you need to do

It is strongly recommended that all organisations using unsupported software upgrade as soon as possible. If this is not possible, the UK government recommends some short-term mitigations to minimise exposure. These include the upgrade of high-risk user devices, such as devices used for corporate remote access, as they will be subject to greater physical threat and be more susceptible to network-borne attacks. Devices that can access more sensitive information or services, including personal data, should also be prioritised.

To learn more see the CESG guidance on the matter.


