Newsletter Archives

  • Microsoft kills off Internet Explorer — mostly

    newsletter banner

    ISSUE 20.08 • 2023-02-20


    Susan Bradley

    By Susan Bradley

    Not feeling the love from Microsoft this month?

    That might be because the company is saying goodbye to its aged Internet Explorer Web browser (IE), albeit only on certain platforms.

    For Windows 10, the death of IE is not part of this month’s Windows update but rather part of the update to the Edge browser. That update would have been in the background, silent, and you may not have noticed it. Even if you did, you probably didn’t pay much attention. Unless, of course, you had moved from IE to Edge a while back. For you, the update re-migrated your favorites and bookmarks, making a duplicate list.

    Read the full story in our Plus Newsletter (20.08.0, 2023-02-20).
    This story also appears in our public Newsletter.

  • The end of the road for Internet Explorer


    Susan Bradley

    By Susan Bradley

    Well, not quite. Sort of. Maybe. Partially.

    Over a year ago, Microsoft published the Internet Explorer 11 desktop app retirement FAQ, announcing that IE11 would be retired on June 15, 2022. (That’s last Wednesday, in case you missed it.) Retirement means the end of support. The FAQ is full of details, confusing and self-contradictory.

    So what does this really mean?

    Read the full story in our Plus Newsletter (19.25.0, 2022-06-20).

  • Internet Explorer officially goes bye-bye – for Office, er, Microsoft 365 apps

    And that old version of Edge gets kicked to the curb, too.

    MS has officially announced the demise of Internet Explorer 11, at least as far as Office goes. Per the official announcement:

    Today, we’re announcing that Microsoft 365 apps and services will no longer support Internet Explorer 11 (IE 11) by this time next year.

    • Beginning November 30, 2020, the Microsoft Teams web app will no longer support IE 11.
    • Beginning August 17, 2021, the remaining Microsoft 365 apps and services will no longer support IE 11.

    This means that after the above dates, customers will have a degraded experience or will be unable to connect to Microsoft 365 apps and services on IE 11. For degraded experiences, new Microsoft 365 features will not be available or certain features may cease to work when accessing the app or service via IE 11.

    That’s bound to come as something of a surprise to folks who actually rely on IE 11. (I know a few of you readers use it.) Particularly because IE 11 doesn’t hit official end of service until your version of Windows hits EOL. Here’s what MS says:

    Internet Explorer is a component of the Windows operating system and follows the Lifecycle Policy for the product on which it is installed.

    So you get to keep IE 11 until Windows rots away — but if you use it with Office apps, you have one year to wean your system off.

  • Microsoft deleting – not moving – old Internet Explorer documentation

    A disturbing report from @VulturEMaN:

    My RSS feeds for MS documentation updates is showing a lot of IE8/9 documentation updates, but when I click those links all result in a 404. Likely these pages are being deleted. This just started over the last 2 days.

    Feed that doesn’t show the deletions:

    And then they’re deleting the update from the RSS feed itself. The proof is in the RSS posts that my account is showing for that feed, since RSS readers typically keep a copy of anything ever in the feed, even if it was added by mistake or removed.

    I have no kind words for people that delete documentation.Why aren’t they moving it to a site like and then put a big banner at the top that it’s legacy? How many of these articles are relevant to later versions of IE, so we don’t repeat history?

    You can read a more detailed account – including a list of 74 links that have disappeared – on Reddit.

  • Here’s why we’re not patching Internet Explorer


    By Susan Bradley

    There’s no way to sugar-coat this: The current Windows updating situation is a disaster.

    No, I’m not talking about the usual round of side effects in the second–Patch Tuesday updates, the lack of overall patch quality, or the known issues that impact only a small set of Windows users but that we’re still forced to track.

    Read the full story in AskWoody Plus Newsletter 16.35.0 (2019-09-30).

  • To block the latest zero day, instead of removing Internet Explorer, just short-circuit access to MHT files

    It’s pretty easy, if you know the tricks.

    Step-by-step details in Computerworld.

  • That Internet Explorer XXE zero day poking through to Edge

    I’ve been slammed for the past few days, and haven’t kept you folks apprised of the latest Internet Explorer 0day.

    It depends on you opening an infect MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet.

    It’s a doozy of security hole as it affects every recent version of IE, and it infects whether you’re actively browsing with IE or not.

    When you download files from the internet, they’re marked — the “Mark-Of-The-Web” — to tell programs that special care is required when opening the files. Thus, if you download an infected MHT file, IE will know that it needs to open the MHT file with caution (at “low integrity,” in a sandbox). That severely limits this exploit’s reach.

    There’s a lot of controversy about how bad this XXE hole really is. There have been lots of XXE holes discovered in the past. They’re used to pull files off your machine and send them to the bad guys. Microsoft figured this one isn’t all that bad, in part because of the MOTW mechanism. The folks who discovered this particular hole aren’t so sanguine. They responded to Microsoft’s snub last week by releasing details, proof of concept code, and even a video.

    Yesterday, Mitja Kolsek at 0patch revealed something disconcerting. If you use Edge to download an infected MHT file, Internet Explorer will open it like any other file. Says Kolsek:

    Does Edge not put the mark-of-the-web on downloaded files, or does it do it differently and somehow confuses Internet Explorer? That would be a serious flaw.

    He goes on to explain how Edge changes the permissions on downloaded files and, thus, why IE will open the infected MHT file as if it had no Mark-Of-The-Web.

    All fascinating stuff if you’re into this kind of thing. Ionut Ilascu has a synopsis on BleepingComputer.

    The 0patch company has a quick patch that you can apply, free, if you’re concerned about getting burned. I’m not going to link to it — I don’t want to take responsibility for 3rd-party patches to Windows — but you can find it quite easily if you’re really interested. That said, 0patch is highly regarded, and has made many useful hotfixes for Windows.

    What to do? That’s easy. Don’t open MHT files. And don’t use IE.

    Thx to @Alex5723 and others who have been posting about this problem while I’m off doing other things…..

    Let’s see if I get a definitive answer from this:

    UPDATE: @mkolsek, who published the report yesterday, confirms that reassigning the default handler for MHT files breaks the attack. He tested it. I’ll write this up.

  • Woody’s Windows Watch: Dispatches from the browser-war’s front lines

    Internet Explorer isn’t a web browser. According to Microsoft, it’s been demoted to a “compatibility solution.”

    Edge has some big fans, very few users — and it’s about to get a heart transplant.

    Chrome’s the crowd pleaser, but one hare-brained idea (recently rescinded) has to give you pause.

    Firefox keeps on foxing, but in terms of usage numbers, it can’t get a break.

    What should you do?

    Out this morning in AskWoody Plus Newsletter 16.6.0. Now available – yes, for free — on AskWoody.

  • Reported crash with the new out-of-band IE fix on Win7, KB 4483187

    Remember yesterday, when I warned you that these extreme out-of-band patches have a nasty habit of causing havoc?

    Reports of problems with the patches are starting to come in.

    @David Beroff reports:

    Why did my Windows 7 Home Premium (ver 6.1, build 7601, SP1) system start crashing as soon as KB4483187 was installed? I had about 5 crashes in as many hours, while I was trying to work with overseas clients, before I was able to go in and uninstall it. I don’t ever use MSIE, and would uninstall it if I could. No other software was installed recently, and my system is usually as stable as a rock. (The last time I had crashing issues, I narrowed it down to Google’s Backup and Sync, which is now only run manually at night, rather than on startup, but today it was not running at all during any of these events.) Thank you.

    @PKCano has a good first guess:

    My guess is that there is some conflict between the javascript files that were changed in the KB4483187 update and some program you are using on your computer.

    What browser are you using?
    What program(s) are you using when the crash occurs?
    What AV program do you run?

    I know that all of the experts are scurrying around like Chicken Little, telling you that you need to install this patch, like, right now.

    I don’t buy it. There have been no details released that I can find. Clement Lecigne of Google’s Threat Analysis Group, who reported the problem, hasn’t said anything publicly. Google’s TAG is quiet on the topic. No reports of infections.

    When the patching world goes silent like that, it usually means that we’re looking at a very limited vulnerability. It may turn into a monster at some point – but we aren’t yet at that point. The likelihood of having your machine clobbered, in my opinion, is much higher than the likelihood of you hitting this particular security hole.

    Hang on. Although you’ll have to patch sooner or later, you don’t need to do it right now. My best advice is to stop using IE. Yes, I know that security holes in IE can be exploited other ways because IE is still woven into Windows. But the worst offender — Outlook rendering of formatted emails with the IE engine — was plugged many years ago. I haven’t heard of any direct infections through IE. And it’s a big step from an IE exploit to an infection via other means.

    We’re still at MS-DEFCON 2 for a reason.

  • Netmarketshare says Chrome’s getting even more market share, while IE and Edge continue to circle the drain

    Although Edge itself has gone up by a minuscule amount, IE 11 went down by more than Edge.

    All hail Chrome.

    See Gregg Keizer’s analysis in Computerworld.

    According to California-based analytics company Net Applications, IE’s and Edge’s share dropped by a quarter of a percentage point in October, ending at 13.8%, a record for the century and a number not seen by Microsoft since IE first took on Netscape Navigator in the 1990s.

  • NetMarketshare: Internet Explorer usage up a touch, Edge down

  • Keizer: Microsoft’s browsers are dying

    Er, dieing. Sorry.

    Gregg Keizer has a good look at the rapid decline of the IE (+ Edge) hegemony.

    Even though IE showed an uptick in usage last month, per Net Applications, the prognosis for Microsoft browsers is dismal:

    By the time Microsoft retires Windows 7, and for effective purposes, IE as well, Windows 10 should have reached a user share (of all Windows) of around 63.6%, assuming its climb continues on the past year’s trend line. If Edge hasn’t, well, edged up as a share of all Windows 10 by that time – and all evidence is that it will not – then Microsoft’s active browser share will be in the single digits, perhaps as low as 6%.

    Hard to imagine IE + Edge at 6%, but then again Windows Phone took a hard, fast fall, too.