Microsoft Shuts IE Mode Backdoor After Hackers Exploit Legacy Vulnerabilities
- John Jordan
- 5 days ago
Updated: 4 days ago
Microsoft has significantly restricted access to Internet Explorer (IE) mode within its Edge browser following reports of active exploitation by threat actors. Hackers were reportedly combining social engineering with zero-day exploits for unpatched flaws in IE's JavaScript engine to bypass modern browser defenses and gain unauthorized access to user devices. The company has since implemented stricter controls to mitigate this risk.

Key Takeaways
- Threat actors exploited Internet Explorer's legacy features through social engineering and zero-day vulnerabilities.
- The exploit allowed attackers to gain remote code execution and elevate privileges, compromising user devices.
- Microsoft has made IE mode less accessible, requiring explicit user action to enable it for specific sites.
Exploitation of Legacy Features
In August 2025, Microsoft received credible reports indicating that unknown threat actors were abusing the backward compatibility feature of IE mode in Edge. These actors employed basic social engineering tactics, tricking users into visiting malicious websites. They then guided users to reload these pages in IE mode, where they leveraged zero-day exploits for unpatched flaws in Internet Explorer's JavaScript engine, known as Chakra.
Bypassing Modern Defenses
The attack chain documented by Microsoft involved tricking users into reloading a page in IE mode. Once reloaded, attackers used an exploit within the Chakra engine to achieve remote code execution. A secondary exploit was then used to elevate privileges beyond the browser's sandbox, allowing for complete control over the victim's device. This method effectively subverted the security measures built into Chromium and Microsoft Edge by launching the content in a less secure environment.
Microsoft's Response and New Restrictions
In response to the active exploitation and the security risks, Microsoft has taken steps to make IE mode less accessible. The dedicated toolbar button, context menu, and hamburger menu items for launching IE mode have been removed. Users now need to explicitly enable IE mode on a case-by-case basis through Edge browser settings. This involves navigating to Settings > Default Browser, enabling the "Allow sites to be reloaded in Internet Explorer mode" option, and then adding specific sites to the IE mode pages list. Microsoft stated that these added steps are intended to make the decision to use legacy technology more intentional and serve as a significant barrier for attackers.
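For managed fleets, the same "Allow sites to be reloaded in Internet Explorer mode" switch can also be set by Edge policy, so a host audit is a useful companion to the settings change described above. The following is an added example, not code from Microsoft or from the sources of this article: it parses constructed `reg query` output and classifies how reachable IE mode is. The policy names come from Microsoft's Edge policy reference rather than from this page, and the interpretation of each value is an assumption to confirm against that reference.

```python
import re

# Edge policy value names (from Microsoft's Edge policy reference, not this page).
RELOAD = "InternetExplorerIntegrationReloadInIEModeAllowed"
LEVEL = "InternetExplorerIntegrationLevel"
SITELIST = "InternetExplorerIntegrationSiteList"

# Constructed sample of `reg query HKLM\SOFTWARE\Policies\Microsoft\Edge` output.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
    InternetExplorerIntegrationLevel    REG_DWORD    0x1
    InternetExplorerIntegrationSiteList    REG_SZ    https://intranet.example/iemode-sites.xml
    InternetExplorerIntegrationReloadInIEModeAllowed    REG_DWORD    0x1
"""

# Value lines are indented: <name> <type> <data>; the key header is not.
LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Return {value_name: value}, with REG_DWORD data converted to int."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, kind, data = m.groups()
        values[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return values

def assess(values):
    """Classify IE mode exposure on one host (assumed policy semantics)."""
    reload_allowed = values.get(RELOAD)
    if reload_allowed == 0:
        reload_state = "blocked"          # users cannot reload arbitrary sites
    elif reload_allowed == 1:
        reload_state = "allowed"          # any site can be reloaded in IE mode
    else:
        reload_state = "user-controlled"  # left to the per-user Edge setting
    return {
        "ie_mode_by_policy": values.get(LEVEL) == 1,  # 1 = IE mode integration
        "site_list": values.get(SITELIST),            # admin-curated IE mode list
        "reload_any_site": reload_state,
        "review": reload_state != "blocked",          # flag for follow-up
    }

if __name__ == "__main__":
    print(assess(parse_reg_query(SAMPLE)))
```

Hosts flagged with `review` are those where a user can still be talked into reloading an arbitrary page in IE mode, which is the step the reported attack chain depended on.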
Sources
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor, The Hacker News.
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor, LinkedIn.