
SANS ISC: Patch Tuesday Warmup: Internet Explorer Sunset and Windows XP Embedded End of Support - Internet Security | DShield SANS ISC InfoSec Forums


Patch Tuesday Warmup: Internet Explorer Sunset and Windows XP Embedded End of Support

As we are waiting for the Microsoft Santa to slide down our Data Center air conditioning duct later today to deliver a delicious package of patches (did you leave some floppy disks and a can of Red Bull out for him?), we got a couple of other announcements from Microsoft that should not be overlooked:

- January will be the last month Microsoft will provide updates for any Internet Explorer version other than Internet Explorer 11! Even Internet Explorer 10 will no longer be supported after January Patch Tuesday (January 12th, 2016).

- Support will also end for Windows XP Embedded. This will also make it more difficult for other Windows XP left-overs that faked their version in order to use the Embedded updates. But nobody should be running XP anyway (right?).

- Still running Windows 7 or 8.1 (sure way to stay on MSFT Santa's "naughty" list)? Rumor has it that with today's Patch Tuesday, Microsoft may re-enable the auto-upgrade to Windows 10. You may flip the switch back to not update, but it will set itself to "on" once a day.

[1] https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
[2] https://support.microsoft.com/en-us/lifecycle/search/default.aspx?=&alpha=Windows%20XP
[3] http://www.computerworld.com/article/3012278/microsoft-windows/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html#tk.rss_all

 

---
Johannes B. Ullrich, Ph.D.

Johannes

3558 Posts
ISC Handler
Wow, this is really cruddy of Microsoft. In our environment, we absolutely cannot go to Windows 10 as we have
proprietary software in house that won't run on 10. We are perfectly happy on Windows 7 on those systems that do
not run the proprietary software. Not to mention we are small and our "internet pipe" is small. I remember what those
massive Windows 10 downloads did to our connection, it slowed to a crawl! Now I have to spend time scripting a way
to daily run and disable the Win10 patches that will force an unwanted upgrade to my systems. Gee, thanks Microsoft!
More motivation to move the desktops to Linux, my servers are already there.
Val

10 Posts
Anyone know if they have changed their stance on forcing IE11 into server 2012 non-R2?
We, and I'm sure others, have LOB applications that vendors refuse to support on R2.
Jaybone

27 Posts
Anonymous
Quoting Jaybone: Anyone know if they have changed their stance on forcing IE11 into server 2012 non-R2?
We, and I'm sure others, have LOB applications that vendors refuse to support on R2.


IE 11 isn't compatible with Server 2012, so IE 10 will still be supported. They are only dropping older IE support for supported OS versions that are IE 11 compatible.
Anonymous
The definition of malware starts with "'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software..."

If a user does not want Windows 10 and Microsoft keeps back door-ing the upgrade process on the user's equipment, to me (not that I matter much) this meets the definition of malware under "hostile or intrusive".

In an environment where a large number of PCs are not Win10 compatible and that is bandwidth limited - such as a school - this can turn into a large scale disaster. Box gets upgraded to Windows 10, reboots, no network driver, no system bus driver, no chipset compatibility. Thanks for bricking the PC....

Even though Microsoft says that enterprise licensed versions of 7 and 8.1 will not upgrade to Win10 automatically, this is NOT what we are seeing.

Even when running an internal WSUS box, devices are still getting the upgrade.

Thanks so much for the help Microsoft. Thanks so much for pushing us even further down the road to Chrome devices.
Anonymous
Here's the full life cycle for IE:

https://support.microsoft.com/en-us/gp/microsoft-internet-explorer

Vista and 2008 non-R2 run IE9 as their highest version, which is supported until the OS end of life.
Joey

18 Posts
Windows XP Embedded <> Windows Embedded POSReady 2009

The latter gets updates via "Windows Update Agent" until its end-of-life in April 2019. The other NEVER got updates that way, but had to be updated by its builder.
Anonymous
FUD, FUD, really lovely FUD: don't give a shit on rumor!

The documented setting to disable the upgrade to Windows 10 is a POLICY. These are OFF-LIMITS for Microsoft, and NEVER touched by an update!

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DisableOSUpgrade"=dword:1
Anonymous
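
Added example, not part of the comment above and not Microsoft's own tooling: a PowerShell script intended to be run daily (for instance from a scheduled task) that reads the DisableOSUpgrade policy value quoted above, restores it if it is missing or changed, and logs one line per run so any change to the value shows up in the record. The log path is an assumption; run it elevated, and add -WhatIf to report without writing.

```powershell
# Added example: audit and enforce the DisableOSUpgrade policy value.
# SupportsShouldProcess=$true is spelled out so it also parses on PowerShell 2.0.
[CmdletBinding(SupportsShouldProcess=$true)]
param(
    # Hypothetical log location; adjust for your environment.
    [string]$LogPath = "$env:ProgramData\OSUpgradePolicyAudit.log"
)

$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$name = 'DisableOSUpgrade'
$want = 1

# Read the current value; $null means the key or the value is absent.
$current = $null
if (Test-Path -Path $key) {
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
}

# Classify what was found before touching anything.
$state = if ($null -eq $current) { 'missing' } elseif ($current -eq $want) { 'compliant' } else { "drifted (value=$current)" }

# Restore the policy only when it is absent or different.
$action = 'none'
if ($state -ne 'compliant') {
    if ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD $want")) {
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $want -Force | Out-Null
        $action = 'restored'
    }
}

# One line per run: a daily schedule then shows whether the value ever changes.
$line = '{0} {1} {2} found={3} action={4}' -f (Get-Date -Format o), $env:COMPUTERNAME, $name, $state, $action
Add-Content -Path $LogPath -Value $line
$line
```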
>> January will be the last month Microsoft will provide updates for any Internet Explorer version other than Internet Explorer 11!

I really have to stop believing everything I read on the Internet. :-)


Windows Vista is still within its "Product Support Lifecycle", and IE9 (the highest version supported by Vista) therefore still is supported, and will continue to be supported until Vista sinks into its own sunset (Wednesday, April 12, 2017).

Note that some web-servers (notably "Yahoo Mail" and "YouTube") complain when they detect IE9 -- shame on them! [Or, is it shame on Microsoft for _not_ freely offering Windows 10 to users of Vista ??? Heck, Microsoft, if you're giving away 100 million licenses, at $100/license, why not invite Vista systems to the party ???]

Any Microsoft OS supporting IE10 will support IE11. So, it makes sense for Microsoft to arm-twist users to upgrade, so that Microsoft can drop support of IE10. But, please, Microsoft, don't push a "get_IE_version-XI" application onto my computer. :-)
Anonymous
