Redmond will disable SSL 3.0 in Internet Explorer in April

Feb 12, 2015 12:45 GMT

Microsoft is the latest major browser developer to take a stance against the POODLE bug found by Google engineers in late 2014, as all of its competitors have already disabled support for SSL 3.0 in their applications.

The Redmond-based software vendor announced that it would disable SSL 3.0 support in Internet Explorer in April this year, after rolling out an update that prevents fallback for Protected Mode sites.

Microsoft says that, starting April 14, all users will be fully protected against POODLE attacks, as SSL 3.0 will be disabled by default in Internet Explorer 11, the latest version of its browser, which is currently available on Windows 8.1 as the default option and on Windows 7 as an optional download.

Microsoft, the last big name to kill SSL 3.0

Microsoft is the last tech company to take action against SSL 3.0, as both Google and Mozilla have already dropped support for this version in Chrome and Firefox.

Mozilla, for example, dropped SSL 3.0 in November 2014 with the release of Firefox 34, while Google moved a bit more slowly and disabled support in mid-January, when it brought out Chrome 40.

Microsoft, on the other hand, offered a manual option to disable SSL 3.0 in Internet Explorer 11 in December 2014, and this month prevented SSL 3.0 fallback by default for Protected Mode sites. But a complete drop of SSL 3.0 in the browser will only take place in April.

POODLE, which stands for Padding Oracle on Downgraded Legacy Encryption, allows attackers to launch man-in-the-middle attacks and compromise cookies, which in the end enables them to connect to a number of websites using the actual credentials of the victims.

The problem with POODLE was that modern browsers, despite being able to use TLS, still switched to SSL 3.0 if they were offered this version by websites.

Disabling SSL 3.0 fallback was pretty much the easiest way to deal with this problem, but as you can see, sometimes it takes longer than expected, so manually disabling support for this standard is the best way to make sure that you're on the safe side.