Importance of Disabling Legacy Applications Such as Internet Explorer - WST

"Legacy” applications are products that are no longer being supported and therefore are not releasing any updates. When an application is no longer being supported and managed, it allows bad actors to try and find vulnerabilities that lead to access of your network or data theft. It may not always seem like the ideal, or easiest, task getting employees on board with using the latest and greatest but when it comes to security it is the most important.

Internet Explorer 11 (IE11) is one of the most utilized applications around which has made it the most difficult for people to let go. As web browsers are applications used for a wide variety of tasks, it is important to stay current. For security purposes, IE11 has been disabled by Microsoft through an update to help guide users over to Microsoft Edge. The update has only been pushed out on certain versions of Windows 10 (20H2 and newer.) However, Microsoft is also working on updates that will remove the IE11 desktop icons, as well as from the start menu and the task bar. To try and help the transition, Microsoft has released an IE mode which gives users the ability to utilize web applications that operate only with IE, within Microsoft Edge (great for environments that have kept IE around for compatibility reasons). Unfortunately, older versions of Windows (Windows 10 prior to 20H2, Windows 7, Window Server 2008 R2, etc.) will not be updated and can still use IE11. This will leave those hosts vulnerable to current and future exploits of the deprecated application. The best policy is to keep Windows patching up to date after updating and testing within dev and test environments first. For further detail and to stay current on updates about the matter: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/internet-explorer-11-desktop-app-retirement-faq/ba-p/2366549.

Wherever possible, get “Legacy” applications out of your environment and help keep your network up to date and secure!

Authored by: Taylor Conder, Sec+