Been there, done that. But you might mention to bosses/clients that MS no longer supports/patches anything older than IE-11 on desktop versions of Windows. They are most likely using an un-patch-able version of Explorer.
My work "upgraded" to IE 11 late last year. The problem is so much of our internal infrastructure was built to target IE 8 (or earlier) that when our information services guys deployed IE 11 they forced it to run in compatibility mode.
Now you have to go through this endless dance of Enable/Disable compatibility mode depending on what site you are trying to visit. We have a lot of non technical users so as soon as you ask them to delve into menu options to use some added functionality on a site you lose them.
Even technical users hate this so most people sideload chrome. However a large number of workstation are locked down and those people have no option but to continue with IE.
Excellent advice that I give my students, and readers here will be well-served in following it.
I don't even want to admit how many managers come back to them with "we mitigate that risk with user education, we have too many legacy (blah blah blah)." There's always some excuse, isn't there? Usually within departments, but once executive-level hears this sort of thing, they tend to at least investigate what the real risks are. So I'm adding on to your advice to other readers to suggest they "go higher" with their security warning.
Man, I wish we lived in a world where management understood that people are shockingly good at finding ways of not doing what they're told!
Now you have to go through this endless dance of Enable/Disable compatibility mode depending on what site you are trying to visit. We have a lot of non technical users so as soon as you ask them to delve into menu options to use some added functionality on a site you lose them.
Even technical users hate this so most people sideload chrome. However a large number of workstation are locked down and those people have no option but to continue with IE.