Microsoft recently announced changes to the Internet Explorer mode in Edge browsers, citing zero-day exploits that compromise the browser’s security. Specifically, Microsoft has made IE mode harder to enable in Edge, making it more difficult for threat actors to exploit this feature for browser-based attacks.
Microsoft Limits IE Mode In Edge
According to a recent post, Microsoft has detected active exploitation attempts targeting unpatched vulnerabilities in the Edge browser. Specifically, it found these zero-day exploits targeting Internet Explorer’s JavaScript engine (Chakra), which in turn compromised Edge’s security. Therefore, Microsoft has announced an overhaul of the IE Mode settings UI that now limits how users activate this feature.
Earlier, users could enable IE mode in Edge via simple settings like a toolbar button or a hamburger menu. While it ensured convenience for the users, it also posed a threat, considering the active exploitation of Chakra. With the recent browser updates, users now have to explicitly enable IE Mode via the Settings menu.
Specifically, users now need to navigate to Settings > Default Browser, and enable “Allow sites to be reloaded in Internet Explorer mode (IE mode)” by selecting “Allow” from the dropdown list. Once done, users need to add the specific web pages to the IE mode’s page list that require IE mode to run.
Although it adds steps to users’ browsing experience, this move, according to Microsoft, ensures that activating IE mode remains an intentional act rather than an overlooked feature. Moreover, this complexity would likely make it difficult for potential attackers to exploit IE mode.
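On managed Windows endpoints, the same setting can be checked from policy rather than the Settings UI. The following PowerShell is an added example, not taken from Microsoft’s post or this article; it assumes the Edge policy values `InternetExplorerIntegrationReloadInIEModeAllowed`, `InternetExplorerIntegrationLevel` and `InternetExplorerIntegrationSiteList` under the Edge policy registry key, none of which are named on this page.

```powershell
# Added example: report how Edge's IE mode is governed by policy on this machine.
# The value names below are Microsoft Edge policy names (assumption: not named on the page).
$roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
)

function Get-IeModePolicyState {
    param([Parameter(Mandatory)][string]$Root)

    # Property access on $null yields $null, so unset policies stay $null.
    $p = if (Test-Path -LiteralPath $Root) { Get-ItemProperty -LiteralPath $Root } else { $null }
    $reload   = $p.InternetExplorerIntegrationReloadInIEModeAllowed
    $level    = $p.InternetExplorerIntegrationLevel
    $siteList = $p.InternetExplorerIntegrationSiteList

    # Corresponds to "Allow sites to be reloaded in Internet Explorer mode (IE mode)".
    $reloadState = if ($null -eq $reload) {
        'Not set: the user decides in Settings > Default Browser'
    } elseif ($reload -eq 1) {
        'Allowed by policy: users can reload sites in IE mode'
    } else {
        'Blocked by policy'
    }

    # 0 = None, 1 = IEMode, 2 = NeedIE.
    $levelNames = @{ 0 = 'None (IE mode off)'; 1 = 'IEMode'; 2 = 'NeedIE' }
    $levelState = if ($null -eq $level) {
        'Not set'
    } elseif ($levelNames.ContainsKey([int]$level)) {
        $levelNames[[int]$level]
    } else {
        "Unexpected value: $level"
    }

    [pscustomobject]@{
        PolicyRoot       = $Root
        ReloadInIEMode   = $reloadState
        IntegrationLevel = $levelState
        SiteList         = if ($siteList) { $siteList } else { 'Not set' }
    }
}

# Report both the machine and the current-user policy hives.
$roots | ForEach-Object { Get-IeModePolicyState -Root $_ } | Format-List
```

A result of "Not set" for `ReloadInIEMode` means the choice is left to the user through the Settings path described above.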
Regarding the exploitation, Microsoft has briefly discussed the attacks it started detecting in August. As stated in the post:
“In August 2025, the Edge security team received credible intelligence that threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer’s JavaScript engine (Chakra) to gain access to victim devices.”
Simply put, these attacks involved tricking victims into opening spoofed web pages in IE mode. Once a page loaded, the attackers could gain remote code execution. Next, the attacker could gain elevated privileges by exploiting another vulnerability, extending the compromise to the device level.
“Migrate From Legacy Web Tech ASAP” – Urges Microsoft
While Chromium offers numerous security features in browsers like Edge, reverting to IE mode for loading web pages essentially bypasses these security measures. Hence, this feature becomes a lucrative attack vector for the threat actors. A remote attacker could gain full device control using a mere spoofed webpage that loaded in IE mode.
With access to IE mode restricted, it will likely be easier for users to detect the threat, as the attack won’t be performed unless the victim explicitly adds the malicious web page to IE mode.
Besides, the tech giant also urges users to migrate away from legacy web technologies and ditch IE mode. Instead, it advised users to switch to technologies supported by modern browsers to avoid such threats.
