
Microsoft Secures IE Mode After Hackers Exploit Legacy Backdoor

Summary

– Microsoft revamped Edge’s Internet Explorer mode after August 2025 reports of threat actors exploiting it for unauthorized device access.
– Attackers used social engineering and unpatched Chakra engine exploits to trick users into reloading pages in IE mode for remote code execution.
– The exploit chain allowed privilege escalation to seize full device control, bypassing modern browser defenses for malware deployment and data theft.
– Microsoft removed easy IE mode access tools and now requires users to manually enable it per site via browser settings for enhanced security.
– These changes aim to balance legacy support with security by making IE mode usage intentional and harder for attackers to exploit.

Microsoft has taken decisive action to strengthen the security of Internet Explorer mode within its Edge browser, following credible reports that malicious actors were exploiting this legacy feature to compromise user devices. The company confirmed that throughout August 2025, unidentified threat groups used social engineering tactics combined with unpatched zero-day vulnerabilities in Internet Explorer’s Chakra JavaScript engine to infiltrate systems.

According to Microsoft’s Browser Vulnerability Research team, attackers lured users to seemingly trustworthy websites, then prompted them through on-screen instructions to reload those pages in IE mode. Once the page reloaded, the attackers leveraged an exploit in the Chakra engine to achieve remote code execution. A secondary exploit was then used to escalate privileges beyond the browser, granting them full control over the victim’s machine.

This type of attack is particularly alarming because it bypasses modern security protections built into Chromium and Microsoft Edge. By forcing the browser into IE mode, attackers effectively sidestepped critical defenses, enabling them to deploy malware, move laterally across networks, and exfiltrate sensitive data.

Microsoft has not revealed specifics about the vulnerabilities involved, the identity of the threat actors, or the overall scope of the attacks. However, in light of the active exploitation and clear security risks, the company has removed the dedicated IE mode toolbar button, context menu entries, and hamburger menu shortcuts.

Users who still require IE mode for specific sites must now manually enable it through the Edge settings. To do so, navigate to Settings, select Default Browser, and change the “Allow sites to be reloaded in Internet Explorer mode” option to “Allow.” Afterward, individual sites can be added to a compatibility list, and only then reloaded in IE mode.

Microsoft emphasized that these new restrictions are essential for balancing security with the ongoing need for legacy application support. By making the process more deliberate, the company aims to create a meaningful barrier against exploitation. The extra steps required to activate IE mode are expected to deter even highly motivated attackers, reducing the likelihood of similar incidents in the future.

(Source: The Hacker News)
