Microsoft has revamped the Internet Explorer (IE) mode in its Edge browser after uncovering a sophisticated campaign where threat actors abused the feature to compromise users’ devices.
According to a report from the Microsoft Browser Vulnerability Research team, attackers exploited an unpatched zero-day vulnerability in Internet Explorer’s JavaScript engine (Chakra), a legacy component still present in IE mode.
The threat actors reportedly used social engineering techniques to lure victims into visiting a legitimate-looking website that prompted them to reload the page in IE mode.
Once reloaded, the attackers used the Chakra exploit to achieve remote code execution (RCE), followed by a second exploit to escalate privileges and gain full control of the system.
The attack was especially alarming because it managed to bypass the advanced security protections built into Chromium-based Microsoft Edge.
By forcing the browser to run in its less secure Internet Explorer mode, the attackers gained the ability to execute malicious code remotely, install malware, move laterally within networks, and steal sensitive data.
Security analysts say this incident indicates the ongoing risk of maintaining legacy browser compatibility features, even within modern software.
Stricter Internet Explorer Mode Controls
Microsoft confirmed that it received credible reports of active exploitation in August. While the company did not disclose details about the attackers or the scale of the operation, it has taken immediate steps to mitigate future risks.
To curb future abuse, the tech giant has eliminated quick-access options that previously made it easy to launch IE mode.
This includes the toolbar shortcut, the right-click context menu entry, and the hamburger menu option, all of which have now been removed from Microsoft Edge.
From now on, users who still rely on Internet Explorer mode for older web apps will have to manually enable it through Edge’s settings:
- Go to Settings > Default Browser.
- Turn on “Allow sites to be reloaded in Internet Explorer mode.”
- Add trusted sites to the list of pages that can be reloaded in Internet Explorer mode.
- Reload the page.
Microsoft said the new changes strike a balance between supporting legacy web systems and strengthening browser security. “This approach ensures that the decision to load web content using legacy technology is significantly more intentional,” the company stated.
“The additional steps required to add a site to a site list are a significant barrier for even the most determined attackers.”
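For administrators who manage Edge by policy rather than through the Settings page, the following added example (not from Microsoft or the original article) audits the policy values that correspond to the "Allow sites to be reloaded in Internet Explorer mode" setting. The policy value names are Edge enterprise policies; the function name `Get-IEModeExposure`, the finding texts and the sample input are assumptions made for illustration, and only the machine-wide policy key is read.

```powershell
function Get-IEModeExposure {
    param([hashtable]$Policy)   # policy name -> value; omit to read the live registry

    if (-not $PSBoundParameters.ContainsKey('Policy')) {
        $Policy = @{}
        $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'   # machine-wide Edge policy key
        if (Test-Path $key) {
            (Get-ItemProperty -Path $key).PSObject.Properties |
                ForEach-Object { $Policy[$_.Name] = $_.Value }
        }
    }

    $level    = $Policy['InternetExplorerIntegrationLevel']                  # 1 = IE mode
    $reload   = $Policy['InternetExplorerIntegrationReloadInIEModeAllowed']  # 0/1, or unset
    $siteList = $Policy['InternetExplorerIntegrationSiteList']               # managed list URL

    $findings = @()
    if ($null -eq $reload) {
        $findings += 'Reload in IE mode is not set by policy; the user decides in Settings > Default Browser.'
    } elseif ($reload -eq 1) {
        $findings += 'Reload in IE mode is allowed by policy; users can reload sites outside the managed list.'
    } else {
        $findings += 'Reload in IE mode is disabled by policy.'
    }
    if ($level -eq 1 -and [string]::IsNullOrEmpty($siteList)) {
        $findings += 'IE mode is enabled but no managed site list is configured.'
    }

    [pscustomobject]@{
        IntegrationLevel = $level
        ReloadAllowed    = $reload
        SiteList         = $siteList
        Findings         = $findings
    }
}

# Constructed sample input: reload forced on, no managed site list.
$sample = @{
    InternetExplorerIntegrationLevel                 = 1
    InternetExplorerIntegrationReloadInIEModeAllowed = 1
}
(Get-IEModeExposure -Policy $sample).Findings
```

Calling `Get-IEModeExposure` with no argument on a Windows host reads the live policy key instead of the sample.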




























