Microsoft Tightens Security After Hackers Exploit IE Mode in Edge

Microsoft has taken steps to strengthen security around its Internet Explorer (IE) compatibility mode in Edge after learning that hackers had been using the legacy feature as a backdoor into systems. In August 2025, reports revealed that unknown threat actors exploited IE mode by combining social engineering with zero-day vulnerabilities in the old Chakra JavaScript engine to gain access to victims’ devices.

The attack began with hackers luring users to a legitimate-looking website, where a pop-up message prompted them to reload the page in IE mode. Once the site reloaded, attackers exploited a flaw in Chakra to execute malicious code remotely. They then used another exploit to escalate privileges, gaining full control over the system.

This tactic was especially dangerous because it bypassed the modern security protections built into Edge by reverting to older Internet Explorer components. Once attackers gained control, they could install malware, move laterally through networks, and steal sensitive information without triggering many of the usual browser defenses.

To counter this, Microsoft has removed the easy-access options for IE mode, including the toolbar button, context menu, and related shortcuts. Now, users who still need IE mode must manually enable it through Edge settings. They can do this by navigating to Settings → Default Browser, selecting “Allow sites to be reloaded in Internet Explorer mode,” and adding specific sites to a trusted list.

These changes are designed to strike a balance between maintaining compatibility for older web applications and improving overall security. By making IE mode an intentional, manual process, Microsoft aims to close the loophole that allowed attackers to exploit this outdated feature.