All versions of Windows Server are (for now) unaffected, i.e., Internet Explorer 11 continues to run [1].
There is also "Internet Explorer Mode" in Edge, which uses iexplore.exe under the hood.
Additionally, if somebody were _really_ desperate to launch iexplore.exe itself, then there are unsupported means to do so.
For example, via manually modifying the registry key "NotifyDisableIEOptions" under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\
My favourite hack though, which should not be used by anyone ever, is launching via the COM object interface, which bypasses the registry key check [2]. I have personally verified that this works(!)
If one is desperate, there is also the option of the classic Webview control in Visual Studio (or even the old VB6 version) which with little bit of UI added around it, can substitute for the real IE for certain enterprise legacy webapps.
A bit more effort, can also lock the control to only browse to the intended web service, and launch the default browser for any external links.
There's kind of a market for this type of solution in the legacy enterprise app space I think.
At my office we use this software called Application Lifecycle Management that still requires Internet Explorer. Apparently they made some kind of containerized IE launcher for it. I suppose that was easier than porting it to a modern browser.
I support an EMR running on AIX that is accessed through a Java Web applet that only works with Internet Explorer. Since you cannot install Java in any other modern browser, IE mode works on Windows 10 but not 11. The menus and setting you need to configure just do not exist in Edge and without the full Internet Options menu from IE, the site cannot load.
The vendor allegedly has an update coming soon to allow other browsers to work.
If there are legacy systems that would be too expensive to tear down and modernise, then some form of regulatory fine should be implemented to stop this. There is no excuse for running IE anywhere these days, especially now after this news which puts the final nail in the coffin.
It’s a liability. The problem with security measures is that there is no immediate reward, but a few years down the line and you get ransomware’d you would want to have replaced legacy systems with modernised software and hardware. You need to weigh the cost of modernisation versus getting embarrassingly pwned.
A fine is a bad idea since companies should be able to take risk freely as long as this risk isn't socialized. I don't get fined for leaving my door unlocked, because it is my prerogative whether I take that risk. If risky behaviour affects others, then fines would be appropriate (e.g. managing customer data)
We frequently encounter legacy industrial automation applications that use IE inside an ActiveX container. There are a few third-party apps that attempt to bundle Chrome or Edge inside an ActiveX object, but we've had limited success.
HP Alm seemed to require IE where I work in the past 6 months. I told the person asking me to use HP Alm that I had no way of installing IE, with insinuations that the ask was BS.
Probably outdated version or not a hard requirement...
We have one third party app that requires IE. I opened Visual Studio, dropped a WebBrowser control onto a form, and voila: I've got IE again, even on Windows 11. I pushed the app out and it works great. I figure we've got years until this breaks again.
I support an enterprise Java app that uses SWT, and some clients may still be using IE for the embedded i-frames, depending on their OS. But I think we have a way of overriding the registry and forcing the IE version, if it comes to that.
FWIW I don’t think this changes anything, as those same usages often run on out-of-support versions of Windows too that are never updated. It usually doesn’t matter - if it works, then it works.
I used it to authenticate against some webdav intranet sites hosted on Sharepoint Online. Formerly on a SSO standard windows AD integrated system you needed to open internet explorer once. It did some arcane voodoo in the background you didn't need to do anything with it, just close it again. But if you did that you could connect to Sharepoint sites through the file explorer via webdav. This process needed to be repeated every other week when the arcane voodoo authentication needed to be refreshed.
Probably getting you a kerberos ticket (which would subsequently be available to other services like explorer). Hitting it with another browser (which need to be configured to use Kerberos) probably led to an NTLM auth in response to the Negotiate header. NTLM isn’t a global credential and doesn’t get a kerberos ticket.
Both Firefox and Chrome can get the kerberos ticket themselves, but it is necessary to whitelist sites that can use spnego. For Firefox, the settings are separate for ntlm and spnego, so one can be disabled and the other whitelisted.
Interestingly, Edge for Linux doesn't support spnego at all.
This is mostly true, however there’s a major caveat with chrome: your ticket can’t be too large. Too many group memberships and kerberos fails in chrome.
The lack of support for spnego in edge for linux isn’t entirely surprising though I am curious what the excuse is.
the software I'm working on still supports IE, but after years of pushing for it, in 2020 management let us start work on supporting Chrome/Edge. Though we'll have to see how our automated testing suite will be impacted by those redirections (FTA: "opening Internet Explorer will progressively redirect users to Microsoft Edge with IE mode."), because we're still testing with IE, though that's also planned to be phased out this summer.
not dreading it, but we do have a couple of older photocopiers (with no fw updates) that won't let us do things like add emails to the address book without IE
There is also "Internet Explorer Mode" in Edge, which uses iexplore.exe under the hood.
Additionally, if somebody were _really_ desperate to launch iexplore.exe itself, then there are unsupported means to do so.
For example, via manually modifying the registry key "NotifyDisableIEOptions" under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\
My favourite hack though, which should not be used by anyone ever, is launching via the COM object interface, which bypasses the registry key check [2]. I have personally verified that this works(!)
[1] https://techcommunity.microsoft.com/t5/windows-it-pro-blog/i...
[2] https://twitter.com/aaaddress1/status/1523590203658862592