Microsoft warns businesses of impending autoupdate to IE7

Microsoft has warned corporate administrators that it will push a new version of Internet Explorer 7 their way next month, and it has posted guidelines on how to ward off the automatic update if admins want to keep the older IE6 browser on their companies' machines.

The IE7 upgrade scheduled to roll out via WSUS (Windows Server Update Services) on Feb. 12 was announced last October, when Microsoft said it would no longer require users to prove they owned a legitimate copy of Windows XP before they were allowed to download the newer browser. Microsoft explained that the move was prompted by security concerns.

"Because Microsoft takes its commitment to help protect the entire Windows ecosystem seriously, we're updating the IE7 installation experience to make it available as broadly as possible to all Windows users," said Steve Reynolds, an IE program manager, on a Microsoft company blog in early October. "Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users."

The IE7 Installation and Availability Update was immediately made available for manual downloading and was offered to consumers and small-business users via the Windows Update service in the weeks that followed. Beginning Feb. 12, the new IE7 package will be put into the WSUS pipeline as an Update Rollup package.

"If you have configured WSUS to 'auto-approve' Update Rollup packages, Windows Internet Explorer 7 will be automatically approved for installation after February 12, 2008, and consequently, you may want to take the actions below to manage how and when this update is installed," Microsoft warned in a support document posted to its site. WSUS's default setting for Update Rollups is to not autoapprove them.

Companies that stuck with IE6 must take action, Microsoft said, or IE7 may be automatically downloaded and installed to their workers' PCs. Specifically, administrators who have set WSUS to automatically approve Update Rollups will need to disable the auto-approval rule before Feb. 12 to prevent IE7 from infiltrating their infrastructure. After that date, they must synchronize the update package with their WSUS server and then switch the autoapproval rule back on.

More than one in every three people still relies on IE6, according to data gathered by Web metrics vendor Net Applications. During December 2007, IE6 accounted for 35 percent of the browsers that visited the 40,000-some sites monitored by the company.

Microsoft recognized that it needed to protect IE6 from replacement even before it released IE7 in the fall of 2006; prior to the browser's launch, the company posted a free set of tools administrators could use to block the automatic downloading and installation of the new browser.

But it's unclear what impact, if any, the IE7 rollout via WSUS will have on users who have applied the Blocker Toolkit to keep that browser off their systems. Although asked to expand on the support document -- which didn't mention the tools -- Microsoft was not able to provide any additional information Tuesday.

Computerworld is an InfoWorld affiliate.