14 DAY TRIAL // As promised in February, Microsoft disabled SSL 3.0 in Internet Explorer with this month’s Patch Tuesday updates, thus squashing the POODLE bug found in late 2014 once and for all.
Microsoft is the latest big company that proceeds to turn off SSL 3.0 in its browser, as Mozilla and Google have already taken similar measures to protect their users.
The POODLE bug, which could be used to exploit vulnerabilities in SSL 3.0 and the HTTPS connection between browsers and web servers, could be fixed by simply disabling support for this protocol altogether, and Microsoft promised to do so since December.
The company, however, had to do this gradually, so in February it disabled insecure fallback to SSL 3.0 in Internet Explorer 11 for Protected Mode sites, but starting this month, the browser no longer uses this protocol unless the IT administrator specifically requires it to do so.
“Today we’re releasing an update that disables SSL 3.0 by default in Internet Explorer 11. Enterprise customers can choose to enable SSL 3.0 for compatibility with their web applications, however we strongly recommend instead that they update their web servers and web applications to use latest security protocols such as TLS 1.2,” Microsoft said in a post today.
Other security updates for Internet Explorer
In addition to these security improvements, Microsoft also released a patch to address multiple vulnerabilities in the browser that the company says could be used by an attacker to get remote code execution rights on a vulnerable machine.
Redmond shipped the patch through Windows Update for all Internet Explorer versions, so in case you haven’t installed it yet, you’d better do it as soon as possible because this is the only way to remain secure when browsing the web and coming across malicious websites.
A new Flash version is also available for Internet Explorer users, so make sure you deploy this one too, just to be on the safe side when browsing the web and loading Flash content.