Even if they are patched, older IE releases aren’t secure

Oct 10, 2012 12:05 GMT  ·  By

Microsoft recently released a patch to fix a critical security vulnerability found in its Internet Explorer browser that affects versions 6 to 9. Internet Explorer 10, the release that’s currently bundled into Windows 8, wasn’t affected by the flaw.

Charlie Sanchez of security company AVG warns that older Internet Explorer versions are still risky, even if Microsoft continues to patch them.

“Interestingly, Microsoft still offers a broad level of support for versions of its browser dating back to Internet Explorer 6 and indicates that some of the older versions are still vulnerable to exploit. Security Update MS12-063 is rated as ‘critical’ for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8 and Internet Explorer 9 when used on Windows clients. By ‘clients’ in this case, the company simply means desktop computers,” he said in a blog post.

Internet Explorer 10, the only one that’s not affected by the recently-spotted vulnerability, is the default browser in Windows 8, the new operating system developed by Microsoft.

The browser is yet to be released as a standalone package, but Microsoft will do so after the official October 26 launch of the OS. Although not confirmed, it’s believed that IE 10 will work on both Windows 7 and Windows Vista platforms.

“Internet Explorer 10 is not affected and the firm does not offer information on whether Apple Mac computers running a version of Internet Explorer are affected. The security update (once installed) is said to address the identified vulnerabilities by modifying the way that Internet Explorer handles objects in its memory,” Sanchez explained in his post.

If you want to read more about both the patch and the security flaw, follow this link.