Windows users face a dangerous world with end of support for older Internet Explorer versions

Microsoft officially drops support for most older versions of Internet Explorer today. That means no more security updates for tens or hundreds of millions of Windows users, many of whom will be blissfully unaware that they're in danger.
Written by Ed Bott, Senior Contributing Editor

For Microsoft, backward compatibility is a tremendous competitive advantage. It's also a support nightmare, not just for the engineers who have to deliver patches but for third-party developers and web designers who have to support outdated code.

At one point in early 2014, thanks to Microsoft's 10-year support lifecycle for Windows, the company was actively supporting no fewer than five versions of Windows: XP, Vista, Windows 7, Windows 8, and Windows 8.1.

That assortment of operating systems also represented no fewer than six versions of Internet Explorer.

With the end of support for Windows XP in April 2014, Internet Explorer versions 6 and 7 finally fell off the official support lifecycle. But that still leaves four versions of Internet Explorer in widespread use.

Effective today, Microsoft officially ends support for all but the latest version of Internet Explorer. This certainly shouldn't come as a surprise; the company gave nearly 18 months of warning, starting in August 2014.

Today's news isn't as cut and dry as it sounds. I've already seen plenty of oversimplified headlines like these, all offering variations on the theme that Microsoft is "killing off" Internet Explorer 8, 9, and 10, leaving only IE 11 supported


The reality is slightly more complex. Internet Explorer 9, for example, remains actively supported on Windows Vista, which still has tens of millions of users worldwide, and on Windows Server 2008. And Internet Explorer 10 is still supported on Windows Server 2012. None of those operating systems are capable of upgrading to newer IE versions.

The underreported part of today's news is that Microsoft is also ending support for the original, 2012 release of Windows 8, which shipped with Internet Explorer 10. Anyone running Windows 8 can upgrade to Windows 8.1 (which includes the supported Internet Explorer 11) for free. For whatever reason, though, tens of millions of people are sticking with the unpopular and now unsupported Windows 8.

What's frightening about the end of support for older versions of Internet Explorer is that there's no "kill switch" for outdated and unsupported versions. Consumers and businesses who never bothered to install the latest IE version can continue browsing with their old, unsupported code. Each month the likelihood that they'll be attacked increases as new vulnerabilities are discovered and go unpatched.

The most vulnerable population is the enormous installed base of Windows 7 PCs. When Windows 7 shipped in late 2009, it included the shiny new Internet Explorer 8. As businesses began to move away from XP and Internet Explorer 6, they built line-of-business apps for IE 8, and many of them found it easier to block the upgrades to IE 9, 10, and 11 than to update those apps.

Likewise, some consumers who settled on Windows 7 PCs found those updates annoying, so they turned them off.

The result, according to analytics firms, is that a huge number of PC users are out in the cold effective today, many of them blissfully unaware of the change.

As of the end of December 2015, according to StatCounter Global Stats, more than 5 percent of all web pages were visited using browsers that are no longer supported as of today. The numbers from Net Applications (netmarketshare.com) are much more dire: They estimate that the percentage of PCs using unsupported browsers is over 20 percent of the total installed base, which works out to hundreds of millions of potential targets for cybercriminals.

Part of the reasoning behind Microsoft's aggressive campaign to deliver Windows 10 as a free upgrade to Windows 7 PCs is to mitigate that risk. Windows 10 includes both Internet Explorer 11 and Microsoft Edge, and the new mandatory update policy makes it nearly impossible for consumers and small businesses to willingly wind up in an unsupported configuration.

In large organizations, IT pros can deploy Internet Explorer 11's Enterprise Mode, which does a nifty job of mimicking older IE versions so that those older web apps will work properly.

But there's little that can be done for Windows 7 users who simply turn off automatic updates and stick with old, unsupported browsers even when newer alternatives are available.

For Microsoft, the end result is a world where there's only one Windows version and one supported Microsoft browser. But it will be years before the support commitments for Windows 7 and Windows 8.1 finally end and that vision is achievable.

Until then, expect things to get messy.

Editorial standards