Ripping out Internet Explorer
Published in the June 17, 2022 Morning Cybersecurity Newsletter
Government IT consultant Matt Keller has a rare piece of good news about the federal government’s cybersecurity strategies: most agencies were prepared for the end of Internet Explorer earlier this week.
“If you’re upgraded or you’re on a more modern operating system, then it’s really a non-game changer,” said Keller, vice president of federal services at GuidePoint Security.
Earlier this week, Microsoft formally ended security support for its once-ubiquitous Internet Explorer browser, meaning anyone still using it could be a bigger hacking target since Microsoft isn’t creating new vulnerability patches or other system updates for the browser. While the federal government isn’t the speediest at updating outdated software, Keller said Microsoft’s announcement last year warning about this week’s change should’ve given agencies the time they needed to make sure their operating systems are updated and their employees have different browser options to choose from.
But problems could arise for agencies that haven’t stayed on top of operating system upgrades, especially since Internet Explorer is embedded in several applications in older Windows systems. “It’s not like an ‘end-of-life’ happens, and it doesn’t work anymore like some other software because it is so baked into the operating system on their computers,” Keller said.
Keller said there’s also a chance that some legacy government applications running on government computers could still rely on Internet Explorer in their searches, creating the potential for exploitation down the line. In those cases, a “software bill of materials — which lists all of the code inside a piece of software for easy vulnerability detection — will be an agency’s best bet at identifying what applications to upgrade.
“If you know what’s installed on your network, then you should have a good handle on this and you should have had a good handle on this for quite a while,” he said.