Microsoft April Security Patch Will Remove 'Legacy' Edge Browser -- Redmondmag.com

Microsoft April Security Patch Will Remove 'Legacy' Edge Browser

By Kurt Mackie
02/05/2021

Microsoft this week explained that its non-Chromium-based Microsoft Edge browser (based on earlier EdgeHTML technology) will get removed when April "update Tuesday" security patches get applied to Windows 10 systems.

Specifically, the older or "legacy" Edge browser will get removed via a security update coming on April 13, 2021, representing Microsoft's "B-week" patch distribution schedule. The B-week distribution (called "update Tuesday") happens every second Tuesday of the month and delivers Microsoft's security and quality fixes.

The legacy Edge removal in April will occur one month after the browser will have fallen out of support. The EdgeHTML browser will lose support on March 9, 2021. Losing support means that the browser likely won't get future security fixes from Microsoft, making it potentially insecure to use.

Microsoft generally recommends organizations upgrade to the Chromium-based Edge browser before the March end-of-support deadline for the EdgeHTML browser.

Security Patch Delivery
Microsoft actually began removing the legacy Edge browser and replacing it with Chromium-based product back in January of last year through its Automatic Updates patching service, even though it was technically supported through March 9, 2021. Despite that replacement process, it's possible that some organizations held onto the older browser.

For instance, organizations could have set a block beforehand to prevent the replacement of the EdgeHTML browser. They also may still have the EdgeHTML browser in their computing environments because they just applied Microsoft's security patches each month, and didn't apply the so-called "quality updates."

Microsoft's patching scheme includes a monthly "security-only" patch distribution option that organizations can use, but that option doesn't deliver browser fixes. Quality updates (which include security updates) are the ones that bring the browser fixes and other application functional updates.

It seems it'll be the security patches that specifically will remove the legacy Edge browser in April, so organizations applying security-only patches won't be exempted. Microsoft expressed that point in a very understated way:

To replace this out of support application, we are announcing that the new Microsoft Edge will be available as part of the Windows 10 cumulative monthly security update -- otherwise referred to as the Update Tuesday (or "B") release -- on April 13, 2021. When you apply this update to your devices, the out of support Microsoft Edge Legacy desktop application will be removed and the new Microsoft Edge will be installed.

Microsoft also plans to remove the legacy Edge browser in March if organizations apply its optional C-week patches. The C-week patches arrive on the third Tuesdays of each month.

Organizations that installed Windows 10 version 20H2, released in October, already have the Chromium-based Edge browser by default. The Chromium-based Edge browser, once installed, can't be removed by organizations or individuals.

Support for EdgeHTML Engine Continues
While the EdgeHTML browser is going away, its engine isn't. "EdgeHTML -- the rendering engine for Microsoft Edge Legacy -- will continue to be supported," Microsoft's announcement stated.

Microsoft apparently is continuing EdgeHTML engine support because some Web applications are based on it.

Internet Explorer Mode
Quite a lot of Web apps are based on old Internet Explorer browser technologies. IE 11, which is the last of Internet Explorer browser of its kind, is still supported if Windows is supported, but it is losing the support of Microsoft's services. IE 11 has already lost the ability to work optimally with Microsoft Teams and it will lose functionality with other Microsoft 365 services in August, per Microsoft's deprecation timeline.

It's possible to use the new Chromium-based Edge browser in conjunction with an "Internet Explorer Mode" mechanism, which permits older Web apps to work in the Chromium-based Edge browser. Organizations can use Microsoft's Enterprise Site Discovery tool to find sites and apps that still depend on these old IE technologies, and then set up IE Mode for use in those instances.

Microsoft offered recent guidance on how to use Edge and how to detect the use of legacy IE technologies in this Microsoft Tech Community post. The post also explained that Microsoft offers its FastTrack program to help with upgrades to the Chromium-based Edge browser (available to subscribers with 150 or more licenses). Microsoft similarly offers its App Assure program, which offers remediation help when applications are incompatible with software upgrades.

Advice for Kiosk Mode Users
Microsoft's plans to remove its EdgeHTML browsers in April could come as an unpleasant surprise for organizations using Windows 10 tablets in Kiosk Mode, a provisioning approach that locks down devices for commercial uses. Kiosk Mode is used to convert Windows 10-based tablets into point-of-sale devices or inventory-tracking devices, for instance.

Organizations using EdgeHTML browsers with Kiosk Mode should upgrade to the Chromium-based Edge browser before the April 13 deadline, Microsoft advised.

"To avoid a disruption in service and continue using your kiosk scenarios, you will need to install the new Microsoft Edge and set up kiosk mode prior to applying April's Windows 10 Update Tuesday release to your devices," Microsoft explained in an Edge team blog post on the topic.

The use of Kiosk Mode entails more complications because the Chromium-based Edge browser version 89 will lack some capabilities currently present in the EdgeHTML browser. For instance, a table in this Microsoft document showed that the ability to "restrict the launch of other applications from the browser" in Kiosk Mode will only be available when Chromium-based Edge versions 90 or 91 gets released.

Also, the ability to use Microsoft Intune to configure Kiosk Mode devices with the Chromium-based Edge browser only will be available in "early March."

Microsoft's Kiosk Mode blog post spelled out many of those details. It also reiterated that FastTrack and App Assure support are available for qualifying organizations.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.
Using Microsoft Office to Build a Network Diagram, Part 1

Keeping documentation is a great way to ease your future hardware refresh and have what you need for insurance purposes.
Microsoft Claims Breakthrough in Quantum Computing Reliability

A new paper details Microsoft's recent progress in quantum computing -- specifically, its development of a system that is both significantly less prone to errors and better at correcting them.