Software

Microsoft extends Internet Explorer 8 desktop lifeline to upgrade laggards

It's just like the XP saga all over again

Search and rescue image from Lledo via Shutterstock

Exclusive Don’t worry if you miss Microsoft’s January deadline to dump “legacy” versions of Windows and Internet Explorer. MS has a New Year's treat in store for you.

Microsoft has quietly begun offering Custom Support Agreements (CSAs) to those running old combinations of its browser and client after January 12, 2016.

The Register has learned of one very large manufacturer running nearly 100,000 PCs who has signed a CSA with Microsoft. The firm, who sources didn’t want to name but who know it intimately, is running a desktop combination of Windows 8.1 and IE 8.

Unfortunately, Microsoft will stop providing any and all security updates for IE8 on Windows 8.1 after January 12. To receive updates, patches and fixes will continue you’ll need a CSA – meaning dedicated Microsoft engineers.

Without a CSA, organisations running the browser and client combo after January 12 are on their own should new vulnerabilities or malware appear. Other browsers that will stop receiving support from Microsoft will be IE9 and IE10 on Windows 7 SP1.

Of its legacy desktop stack, Microsoft said last year it would only support IE9 on Vista SP2, 11 on Windows 7 SPE 1 and Windows 8.1.

According to the software giant’s stated policy after January 2016: “Only the most recent version of Internet explorer available for a supported operating system will receive technical support and security updates.”

A Microsoft spokesperson told The Register about the new CSAs: “We will continue to provide technical support and security updates for the most current version of Internet Explorer available for supported versions of Windows. If customers have a technical or business issue that prevents upgrading, we encourage them to reach out to their Microsoft account team or Microsoft partner.”

Until now, Microsoft has refused to talk about CSAs for the legacy client stack.

Microsoft announced the end-of-support date in April 2014, but in September this year The Reg reported many would miss the January date.

According to Gartner, the scale of the problem is bigger than Windows XP – Microsoft also stopped providing security updates for that client in April 2014.

Microsoft faced exactly the same situation on that Windows XP end-of-life, as customers tried and failed to hit the April cut-off date. Eventually, the software giant was forced to offer CSAs to those who would miss the end-of-support date.

Microsoft negotiated a special volume deal for the UK government because so many Whitehall and public sector bodies would overshoot.

CSAs are made deliberately expensive by Microsoft, as it doesn’t want to be stuck permanently supporting legacy software. Agreements for Windows XP were priced at $200 per desktop for year one, $400 for year two and $800 for a third year.

The irony of this deadline is that many who moved from Windows XP and running IE6 moved their browser at least to IE8, because it offered the path of least resistance in terms of re-writing applications and software portability.

Now, those who upgraded to IE8 must be shot of the browser no more than two years later. ®

Sponsored: Global DDoS threat landscape report