IE continues to be a security fiasco for Microsoft

Jun 10, 2015 04:41 GMT  ·  By

Microsoft has been trying really hard to make Internet Explorer a more secure browser, but despite the security improvements the app has received lately, it continues to be one of the most vulnerable pieces of software on the market.

Living proof is this graph provided by Qualys, which shows that, on average, there are 20 vulnerabilities in Internet Explorer that are discovered by Microsoft and other security researchers every single month.

Wolfgang Kandek, CTO of Qualys, says that it’s essential for users and system administrators to prioritize the deployment of Internet Explorer patches because of the high number of vulnerabilities found in the browser, many of which allow remote code execution and give the attackers the possibility of getting full control of an unpatched machine.

“Internet Explorer (IE) is in the top spot of our recommendations this year as it has been for the last 12 months with the occasional exception of more urgent 0-days in Microsoft and Adobe products. The reason is that security researchers continue to report a large number of vulnerabilities in IE - on average over 20 per month,” Kandek explains.

New patches this month

Unsurprisingly, Internet Explorer is one of the apps that got patched this month, and MS15-056 is a cumulative update that addresses no more, no less than 24 vulnerabilities in the browser.

Successful exploitation requires the user to view a malicious website that contains elements specifically developed to take advantage of the flaw, so until you patch your system, you'd better stay away from links coming from unknown or suspicious sources.

Internet Explorer will be replaced in Windows 10 with a new browser called Microsoft Edge, which Microsoft will make the default option in the operating system and offer across all devices, including tablets, smartphones, and PCs.

Microsoft Edge will be offered alongside Internet Explorer at first, in order to prevent any compatibility issues with some websites that might arise because of the new engine, but the company confirms that its old browser could be removed at some point, after the Edge engine becomes compatible with the majority of websites.