Outdated Internet Explorer versions still run on many business PCs
http://betanews.com/2016/05/11/outdated-internet-explorer-business-pcs/

Businesses around the world don’t really enjoy updating their software, security researchers from Duo Security have found, exposing themselves, and their organization to risks of cyber-attacks, phishing, scams and malware.

Researchers looked at a sample of two million Windows devices used by businesses around the world and found that almost a quarter, and that’s 500,000 devices, are using an outdated and unsupported version of Internet Explorer.

That puts both the users and the company at risk from more than 700 known, and who knows how many unknown, vulnerabilities.

Besides using outdated Internet Explorer, almost two-thirds (60 percent) of business users are also risking a lot by using an out-of-date version of Flash. Almost three quarters (72 percent) are using an outdated version of Java, also putting their systems at risk.

Microsoft has had “passionate” discussions about renaming Internet Explorer to distance the browser from its tarnished image, according to answers from members of the developer team given in a reddit Ask Me Anything session today.

Internet Explorer will soon join its rival browsers by automatically blocking old, insecure add-ons – and it’s got its eye set squarely on Java.

Microsoft said on Wednesday that starting on August 12, Internet Explorer will begin alerting users when web pages try to launch ActiveX controls that are considered out-of-date and potentially insecure.

The change mirrors similar features found in competing browsers, including Chrome and Firefox, both of which already block out-of-date and unsafe plugins.

Microsoft will maintain the list of verboten ActiveX controls itself

What’s interesting, though, is that when the blocking feature launches later this month, Redmond’s blacklist will consist of but a single culprit: Oracle’s Java ActiveX control.

And not just one or two versions of the add-on will raise the alarm, either. Microsoft has flagged every version from all but the most recent patch levels of the Java SE platform, going all the way back to Java SE 1.4.

After January 12, 2016, only the most recent version of Internet Explorer available for a supported operating system will receive technical support and security updates. For example, customers using Internet Explorer 8, 9, or 10 on Windows 7 SP1 should migrate to Internet Explorer 11 to continue receiving security updates and technical support.

By switching to a non-Microsoft browser, Windows XP users can halve the number of vulnerabilities that apply to the OS, according to a survey of flaws Microsoft fixed in the second half of 2013.

The statistics support the advice from security professionals, who have recommended users run a rival browser to avoid some of the attacks aimed at their unprotected PCs.

In a rare move that highlights the severity of the security hole in one of the Web’s most popular browsers, the US Computer Emergency Readiness Team and its British counterpart tell people to stop using Internet Explorer until Microsoft can fix it.

It’s not often that the US or UK governments weigh in on the browser wars, but a new Internet Explorer vulnerability that affects all major versions of the browser from the past decade has forced it to raise an alarm: Stop using IE.

The zero-day exploit, the term given to a previously unknown, unpatched flaw, allows attackers to install malware on your computer without your permission. That malware could be used to steal personal data, track online behavior, or gain control of the computer.

A Web and app designer has stolen a page out of Microsoft’s own playbook in urging users to abandon three of the company’s four newest browsers because Microsoft is “standing in the way” of progress.

Josef Richter, formerly a website designer who now works primarily on iPhone app design, registered a quartet of domains two years ago — including theie8countdown.com — just a day after Microsoft debuted its own Internet Explorer 6 (IE6) deathwatch at ie6countdown.com.