Stop using IE6, IE7 NOW, warns Microsoft

The software giant today issued an advisory warning companies and individuals to upgrade to Internet Explorer 8 as soon as possible to protect themselves from the vulnerability that allowed Chinese hackers to infiltrate and steal software source code from some of the world’s largest software companies including Google and Adobe.

While Microsoft says the hackers got in to corporate PCs running Internet Explorer 6 it is recommending that companies upgrade to version 8 immediately to get its stronger security. Microsoft also said that anyone using Windows XP original release or XP service pack 2 should immediately upgrade to XP service pack 3 (or a newer version of Windows such as Windows 7 if their PC is capable of running it).

The unusual recommendations from Microsoft mark a sharp break with the company’s history of supporting old versions of software for as long as customers want to use them allowing for slow and smooth corporate migrations to new versions once they have been fully tested by corporate IT departments against a company’s full suite of applications.

Microsoft’s slow-moving long-term support for legacy software is often cited as the reason it is prefered by lumbering corporate IT departments over Apple Mac OS X which frequently breaks compatibility with older software as each new version is released.

However Microsoft has also been accused of enabling lazy or underfunded IT departments to stick with inferior older software because it continues to be supported by Microsoft beyond its practical lifespan.

Internet Explorer 6 was released in 2001 — eight years ago — but continues to be used in many corporate environments today because poorly-coded corporate intranet applications would require rewriting to work in more modern web browsers that are compliant with web standards. The problem is partly of Microsoft’s own making because Internet Explorer 6 included many proprietary Microsoft technologies that were never part of formal internet standards. Companies then used these proprietary technologies as a basis for their in-house applications without realising that it would lock them in to using the Microsoft browser ongoing — and as it turns out not even more recent releases of Internet Explorer as Microsoft pulled the newer browser versions into standards compliance (Internet Explorer 8 does have a “compatibility mode” that emulates IE6 though which makes it a more practical upgrade for corporate environments.)

Microsoft’s urging to upgrade to IE8 appears to be partially in response to the German and French governments’ recommendation that people stop using Internet Explorer altogether due to its security vulnerabilities.

Microsoft’s announcement said: “It is important to note that all software has vulnerabilities and switching browsers in an attempt to protect against this one highly publicized but currently limited attack can inadvertently create some false sense of security. Moreover IE8 has other built-in security protections such as the SmartScreen filter that other browsers do not have that protect against real consumer threats such as socially engineered malware and phishing attacks.”