IE Legacy and Security Concerns
The End of Support and Disablement
“Internet Explorer (IE) has officially ended support on June 15, 2022,” the researchers explain. “Additionally, IE has been officially disabled through later versions of Windows 10, including all versions of Windows 11. Disabled, however, does not mean IE was removed from the system. The remnants of IE exist on the modern Windows system, though it is not accessible to the average user.”
Security Updates Continue
The IE components that still exist in Windows continue to receive security updates, but users can’t easily open the browser user interface. For browsing tasks that require IE compatibility, Microsoft offers IE mode for Edge, which mimics IE features but operates inside Microsoft Edge’s strong and modern security sandbox.
Exploitation Techniques and Vulnerabilities
The same technique of using mhtml:[URL]l!x-usc:[URL] links to invoke the MHTML protocol handler was used in the exploitation of a different vulnerability in 2021 tracked as CVE-2021-40444. However, in that case, the trick was used in Word documents, but this is the first time seen in Windows shortcut files.
Conclusion
Despite IE being officially disabled and no longer supported, remnants of the browser still exist within modern Windows systems. This presents a security risk, as users cannot easily open the browser interface and exploit vulnerabilities. However, Microsoft continues to provide security updates for the existing IE components. Users are advised to avoid using IE and instead opt for compatible alternatives like IE mode in Edge.
FAQs
- Q: What is the current status of Internet Explorer?
- IE has officially ended support on June 15, 2022, and has been officially disabled through later versions of Windows 10 and all versions of Windows 11.
- Q: Are IE components still receiving security updates?
- Yes, IE components still exist in Windows and continue to receive security updates, but users cannot easily open the browser user interface.
- Q: What is IE mode in Edge?
- IE mode in Edge mimics IE features but operates inside Microsoft Edge’s strong and modern security sandbox, providing a secure alternative for users requiring IE compatibility.
- Q: Are users still vulnerable to IE exploits?
- Yes, as long as IE remnants exist on the system, users remain vulnerable to exploits. It is recommended to avoid using IE and instead opt for compatible alternatives like IE mode in Edge.
