14 DAY TRIAL // This month’s Patch Tuesday rollout was expected to bring an important security update for Internet Explorer users who wanted to be secure in front of the POODLE vulnerability, but it turns out that Microsoft has actually decided to push back the deadline to February 2015.
So what exactly happened? Microsoft initially said that it would start disabling SSL 3.0 for Protected Mode websites starting December 2014, but the company revealed in an advisory that this deadline was now moved to February.
And still, thanks to the December 2014 Internet Explorer Cumulative Update, users can manually block SSL 3.0 fallback in Internet Explorer 11, the company says.
Enterprise users, who are pretty much the ones most vulnerable in front of POODLE attacks, can do this by setting up their Group Policy rules and Microsoft says that everything would be customizable through registry or a Fix It solution.
The POODLE vulnerability was first reported last summer and allowed cybcriminals to easily decrypt an encrypted connection to a website no matter the browser. Both Firefox and Chrome disabled SSL 3.0 by default in latest updates and Microsoft will do the same next year.
Internet Explorer 11 is currently the default browser in Windows 8.1 and is also available as a standalone update for those running Windows 7. Windows 8 users cannot update to this version and must stick to Internet Explorer 10.
