Microsoft Edge Archives – Gridinsoft Blog Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Tue, 21 Jun 2022 10:24:12 +0000 en-US hourly 1 https://wordpress.org/?v=90907 200474804 Internet Explorer shutdown. The Epithaf https://gridinsoft.com/blogs/ie-shutdown/ https://gridinsoft.com/blogs/ie-shutdown/#respond Sun, 19 Jun 2022 16:36:38 +0000 https://gridinsoft.com/blogs/?p=8675 On June 15, Microsoft will finally end support for Internet Explorer on various versions of Windows, almost 27 years after its launch on August 24, 1995. The desktop version of IE will be disabled and replaced with the new Microsoft Edge, with users automatically redirected to Edge when they launch Internet Explorer 11. Internet Explorer… Continue reading Internet Explorer shutdown. The Epithaf

The post Internet Explorer shutdown. The Epithaf appeared first on Gridinsoft Blog.

]]>
On June 15, Microsoft will finally end support for Internet Explorer on various versions of Windows, almost 27 years after its launch on August 24, 1995. The desktop version of IE will be disabled and replaced with the new Microsoft Edge, with users automatically redirected to Edge when they launch Internet Explorer 11.

Internet Explorer is over. What happened?

Microsoft will end support for IE11 on a list of Windows versions. The company means versions of Windows 10 shipped through the semi-annual channel on systems running Windows and Windows 10 IoT client SKUs. Internet Explorer is also not available on Windows 11, which defaults to Chromium-based Microsoft Edge. However, IE will be available on some versions of Windows after June 15, 2022:

  • Windows 7 ESU;
  • Windows 8.1;
  • Windows 10 LTSC client;
  • Windows 10 IoT;
  • Windows server.
  • According to Microsoft, Internet Explorer 11 for operating systems that Microsoft support at the moment will receive lifetime security updates and technical support. In addition, the Edge browser will be able to select IE11 mode, which maintains backward compatibility with the original browser. This mode will be maintained until 2029.

    Internet Explorer history. Why didn’t they discontinue it earlier?

    Internet Explorer was one of the first web browsers available for the broad market. Appeared in 19951, it was competing with Netscape Navigator – the predecessor of Mozilla Firefox. Their confrontation is known as the First Browser War – and IE emerged victorious from this fight. By 2003, the default Windows browser had the absolute dominance of the browser market, accounting for about 95% of all users. His hegemony began crushing with the release of Mozilla Firefox – released by the defeated team of developers.

    Internet Explorer 1.0 Win95
    Internet Explorer’s baby photo – the 1.0 version

    Still, the high market share does not mean that the product is ideal. In the late ‘90s, when there were no alternatives, Explorer was OK with its functionality and speed. However, the appearance of a broadband connection uncovered a ridiculous slowness of the IE. The JavaScript handling approaches were aimed at data saving, suitable for dialup connections – but inappropriate for high-speed Internet. The appearance of Firefox showed how browsers must actually look and work. That apparently was very contrast to what Internet explorer was offering. Slow, buggy, and vulnerable to malware injection, Explorer began losing the market share extremely quickly. But Microsoft did not pay any attention to the problem – the IE 7 that was intended to fix some of the problems was released in 2006, together with Windows Vista.

    Slowness, huge amounts of bugs, delayed implementation of new features and compatibility issues created a halo of ill fame around Microsoft’s brainchild. Even the release of Internet Explorer 9, which had a lot of new features and finally got rid of the fabulous slowness, was not able to break the stereotypes. The tech giant from Redmond failed at that stage of the browser war – but that did not mean they stopped their attempts. Internet Explorer got its niche, and the complete discontinuation of its support was not advantageous for both Microsoft and its users. A decade after the Mozilla release, the market share of Internet Explorer was around 10% of the whole market. Meanwhile, Chrome had about 45% – an absolute monopoly in the browser market.

    IE market share 2015

    Why did Microsoft keep supporting Explorer?

    Besides the disadvantages that made IE so unfavourable, Microsoft kept supporting it even after releasing the MS Edge browser together with Windows 10. The newbie is based on Chromium core, and practically has the same list of functions as was offered by the regular Chrome. Folks were sceptical about it, but then the public opinion on it changed. Microsoft did a great job on mistakes – and created a well-done browser, not amazing, but with its own unique features. For example, in Windows 11, it received extended web security abilities – thanks to its deep integration with the operating system and Windows Defender. But the latter is the other sad story of Microsoft software products.

    Explorer had its niche, and it was generally infrastructure elements. Cash machines, information stands, interactive menus in restaurants – all of them were running the Explorer. The reason was the ability to ask Microsoft to create some specific functionality for them – an impossible thing for the broad-market browsers like the aforementioned Chrome. Internet Explorer runs on the proprietary MSHTML/Chakra engine, which can be adjusted only by Microsoft. Enterprise technologies always try to rely on other enterprise technologies, and that is the example.

    Disabling it at the moment of the Edge release (that would be sudden) was inappropriate for both sides of this symbiosis. Therefore, MS decided just to stop the development of the IE – by keeping the support available. In July 2016, a year after the MS Edge release, the market share of IE shed to 5.4%. By 2021, the share of IE decreased to about 0.5% of the market – with Edge having a 3.5% share. That is miserable compared to Microsoft’s market share in the desktop OS market – over 80%.

    The post Internet Explorer shutdown. The Epithaf appeared first on Gridinsoft Blog.

    ]]>
    https://gridinsoft.com/blogs/ie-shutdown/feed/ 0 8675
    Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware https://gridinsoft.com/blogs/microsoft-patches-windows-appx-installer-vulnerability/ https://gridinsoft.com/blogs/microsoft-patches-windows-appx-installer-vulnerability/#respond Wed, 15 Dec 2021 21:13:40 +0000 https://gridinsoft.com/blogs/?p=6669 The latest of this year, December’s patch Tuesday brought fixes for six 0-day vulnerabilities in Microsoft products, including a bug in the Windows AppX Installer that uses Emotet malware to spread. Microsoft patched 67 vulnerabilities in its products this month, seven of which are classified as critical and 60 are classified as important. Separately, Microsoft… Continue reading Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware

    The post Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware appeared first on Gridinsoft Blog.

    ]]>
    The latest of this year, December’s patch Tuesday brought fixes for six 0-day vulnerabilities in Microsoft products, including a bug in the Windows AppX Installer that uses Emotet malware to spread.

    Microsoft patched 67 vulnerabilities in its products this month, seven of which are classified as critical and 60 are classified as important. Separately, Microsoft has fixed 16 bugs in Microsoft Edge for a total of 83 bugs.

    Interestingly, according to ZDI data, the latest set of fixes increased the total number of bugs fixed in 2021 to 887, which is almost 30% less than in 2020.

    One of the major fixes this month is the patch for CVE-2021-43890 (7.1 CVSS). This vulnerability in the Windows AppX Installer is reportedly already under attack. Microsoft says the bug can be exploited remotely by low-privilege attackers without user interaction. In particular, the problem is already being used to distribute various malicious programs, including the Emotet, TrickBot and BazarLoader malware.

    An attacker could create a malicious attachment for use in phishing campaigns. The attacker would then have to convince the user to open that attachment. Users whose accounts are configured with fewer rights in the system may be affected to a lesser extent than users who work with administrator rights.the company warns.

    Bleeping and Computer reports that Emotet malware has recently spread using malicious Windows App Installer packages disguised as Adobe PDF. While Microsoft does not directly link CVE-2021-4389 to this campaign, the details the experts have shared with the community are completely consistent with the tactics used in the recent Emotet attacks.

    Five other zero-day vulnerabilities that were patched in December were not seen in hacker attacks:

    • CVE-2021-43240 (CVSS: 7.8) – privilege escalation in NTFS Set Short Name;
    • CVE-2021-43883 (CVSS: 7.8) – Windows Installer privilege escalation;
    • CVE-2021-41333 (CVSS: 7.8) – Windows Print Spooler privilege escalation;
    • CVE-2021-43893 (CVSS: 7.5) – privilege escalation in Windows Encrypting File System (EFS);
    • CVE-2021-43880 (CVSS: 5.5) – Windows Mobile Device Management privilege escalation.

    Let me remind you that we also wrote that Emotet now installs Cobalt Strike beacons.

    The post Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware appeared first on Gridinsoft Blog.

    ]]>
    https://gridinsoft.com/blogs/microsoft-patches-windows-appx-installer-vulnerability/feed/ 0 6669
    Microsoft fixes 81 bugs, including vulnerability under attacks https://gridinsoft.com/blogs/microsoft-fixes-81-bugs-including-vulnerability-under-attacks/ https://gridinsoft.com/blogs/microsoft-fixes-81-bugs-including-vulnerability-under-attacks/#respond Tue, 12 Oct 2021 10:03:32 +0000 https://blog.gridinsoft.com/?p=6016 Microsoft has released updates for its products: in total, this month the company fixed 74 bugs (81 if to include vulnerabilities in Microsoft Edge), three of which are classified as critical, four have the status of zero-day vulnerabilities, and one problem has already been adopted by hackers. Of the four 0-day vulnerabilities under attack, there… Continue reading Microsoft fixes 81 bugs, including vulnerability under attacks

    The post Microsoft fixes 81 bugs, including vulnerability under attacks appeared first on Gridinsoft Blog.

    ]]>
    Microsoft has released updates for its products: in total, this month the company fixed 74 bugs (81 if to include vulnerabilities in Microsoft Edge), three of which are classified as critical, four have the status of zero-day vulnerabilities, and one problem has already been adopted by hackers.

    Of the four 0-day vulnerabilities under attack, there was already a privilege escalation issue related to the operation of the Win32k kernel driver. The problem was identified as CVE-2021-40449 (7.8 on the CVSS scale) and was discovered by Kaspersky Lab specialists.

    In a detailed report, the experts said that the vulnerability belongs to the use-after-free class and was found in the NtGdiResetDC function of the Win32k driver. It leaks the addresses of kernel modules in the computer’s memory, and as a result, attackers use it to elevate the privileges of another malicious process.

    The bug was reportedly abused by Chinese hackers who downloaded and launched RAT MysterySnail with it. It is reported that MysterySnail is most often used in espionage operations against IT companies, diplomatic organizations and companies working for the defense industry.

    The experts managed to find a number of similarities in the code and functions of MysterySnail and the malware used by the well-known IronHusky group. Also, some C&C addresses were already used in 2012 in attacks by an APT group using the Chinese language.

    First of all, the Trojan collects information about the infected system and sends it to the C&C server. After that, through MysterySnail, attackers can issue a number of commands: for example, create, read, or delete a specific file, create or delete a process, download a directory list, open a proxy channel and send data through it.

    In addition, quite interesting functions were implemented in the Trojan. So, Trojan not only knows how to view the list of connected drives, but can also monitor the connection of external drives in the background. In addition, the Trojan can launch the interactive shell cmd.exe, having previously copied the cmd.exe file itself to a temporary folder under a different name.the Kaspersky Lab said.

    The exploit for CVE-2021-40449 supports a number of operating systems of the Microsoft Windows family: Vista, 7, 8, 8.1, Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Windows 10 (build 14393), Server 2016 (build 14393 ), 10 (build 17763), and Server 2019 (build 17763). But, according to experts, it was written specifically to elevate privileges on server versions of the OS.

    Also, as mentioned above, this month Microsoft fixed three other publicly disclosed vulnerabilities, which, however, were not used in hacker attacks:

    • CVE-2021-40469 (CVSS 7,2) – vulnerability in Windows DNS Server, leading to remote code execution;
    • CVE-2021-41335 (CVSS 7.8) – Windows kernel privilege escalation vulnerability;
    • CVE-2021-41338 (CVSS 5.5) – A bypass vulnerability in the Windows AppContainer Firewall rules.

    Let me remind you that I also reported that New feature in Exchange Server will apply fixes automatically.

    The post Microsoft fixes 81 bugs, including vulnerability under attacks appeared first on Gridinsoft Blog.

    ]]>
    https://gridinsoft.com/blogs/microsoft-fixes-81-bugs-including-vulnerability-under-attacks/feed/ 0 6016
    Microsoft developers will stop supporting classic Edge and IE 11 https://gridinsoft.com/blogs/microsoft-developers-will-stop-supporting-classic-edge-and-ie-11/ https://gridinsoft.com/blogs/microsoft-developers-will-stop-supporting-classic-edge-and-ie-11/#respond Wed, 19 Aug 2020 16:39:31 +0000 https://blog.gridinsoft.com/?p=4200 Microsoft said it would stop supporting classic Edge and IE 11. The company has published a schedule for the end of support for Internet Explorer 11 and Edge (a version based on its own engine). The whole process will be carried out in stages: from November 30, 2020, support for IE 11 will be discontinued… Continue reading Microsoft developers will stop supporting classic Edge and IE 11

    The post Microsoft developers will stop supporting classic Edge and IE 11 appeared first on Gridinsoft Blog.

    ]]>
    Microsoft said it would stop supporting classic Edge and IE 11. The company has published a schedule for the end of support for Internet Explorer 11 and Edge (a version based on its own engine).

    The whole process will be carried out in stages: from November 30, 2020, support for IE 11 will be discontinued in the Microsoft Teams service, after March 9, 2021, Microsoft will stop delivering updates for Edge (including security updates), and from August 17, 2021, many services such like OneDrive, Outlook and others will completely stop working with IE 11.

    Support will be discontinued also for Office 365.

    “This means that after the above dates, customers will have a degraded experience or will be unable to connect to Microsoft 365 apps and services on IE 11. For degraded experiences, new Microsoft 365 features will not be available or certain features may cease to work when accessing the app or service via IE11”, — say Microsoft specialists.

    However, the company will not completely abandon Internet Explorer 11, as the browser is a component of the Windows operating system and will only end after expiration of OS version, on which it is installed.

    The company noted that users will still be able to access sites specifically designed for Internet Explorer until the tech giant stops supporting the browser in Windows 10.

    Microsoft launched an updated version of Edge based on the Chromium engine in January, which was prompted to be downloaded manually from the website. In June, the company began distributing Edge through Windows Software Updates to Windows 10 users (Builds 1803, 1809, 1903, and 1909). With the release of Windows 10 20H2, scheduled for fall, Edge will be included in Windows 10. It is noted that the browser will support IE11 via Internet Explorer mode.

    “With the new Microsoft Edge and Internet Explorer mode, customers don’t need an awkward workaround of one browser for some apps and another for other apps. They can standardize on one browser and seamlessly experience the best of the modern web in one tab while accessing a business-critical legacy IE 11 app in another tab – all housed within the new Microsoft Edge”, — explained the developers.

    Microsoft also touted the Edge browser in every possible way and was glad that the company’s customers would test it.

    End of support schedule for Edge and IE 11:

    Microsoft will stop supporting IE

    Let me remind you that the company has been burning Windows 7 for a long time, and appeared a critical vulnerability for IE, Windows 7 clients, as expected, did not receive a patch from it. That time it turned out that these clients were not so few. The Free Software Foundation suggested a way out and asked Microsoft to open the source code for Windows 7, but the company did not respond to these requests.

    The post Microsoft developers will stop supporting classic Edge and IE 11 appeared first on Gridinsoft Blog.

    ]]>
    https://gridinsoft.com/blogs/microsoft-developers-will-stop-supporting-classic-edge-and-ie-11/feed/ 0 4200