Users of the Internet Explorer (IE) browser should update to the newest edition for their operating system -- in most cases, that means IE11 -- even if they've discarded the browser for a rival, Microsoft said.
On Tuesday, Microsoft served up the final security updates for most users of editions prior to IE11, making good on a pledge that it would pull the patch plug on its older browsers.
In August 2014, Microsoft abruptly announced that support for IE9 would continue after Jan. 12, 2016, only for those running Windows Vista and Windows Server 2008, and for IE10 only on Windows Server 2012. Everyone else had to be on IE11 or Windows 10's Edge to continue to receive security updates and technical support.
Executing that order, Microsoft on Tuesday issued a final public security update -- dubbed MS16-001 -- for IE8, and those running IE9 and IE10 on all but the OS exceptions. The update patched a critical vulnerability in the VBScript (Visual Basic Script) rendering engine packaged with those versions of IE. (The same bug also affected IE7, but was patched separately with MS16-003.)
But even if Windows users have ditched IE for an alternate browser -- like Google's Chrome, Mozilla's Firefox or Opera Software's Opera -- they should still migrate to the newest-possible IE, and keep updating the browser, said Pat Altimore, a Microsoft senior software developer consultant.
That's because of the decision Microsoft made decades ago to tightly intertwine IE and Windows, a move that triggered a long antitrust case in which a federal judge threatened to force the company's breakup.
"There are many components that constitute the [IE] browser. Most of the components are part of the operating system," Altimore wrote in a Jan. 8 post to the MSDN (Microsoft Developer Network) blog.
Applications other than Microsoft's IE can, and do, call on those components to display HTML or execute scripts. "If you aren't upgraded to the current version of IE, you won't be able to apply the current security updates. This could result in some Windows components not being serviced. To ensure applications using components are fully patched, update to the latest version of IE and apply future cumulative IE updates," Altimore said.
Altimore's advice applied to nearly half of all Windows users: According to Internet metrics vendor Net Applications, 47% of Windows users last month ran a browser that wasn't IE to reach the Web. And the percentage of Windows users who rely on an IE alternative has surged in the last 12 months. Faced with a shutoff of IE security updates, approximately 172 million have instead switched browsers, most of them to Chrome.
Sign up for CIO Asia eNewsletters.