Redazione RHC:24 October 2025 07:27
The Microsoft Edge security team made significant changes to Internet Explorer mode after receiving confirmation of targeted attacks using it. Experts discovered that attackers exploited vulnerabilities in the outdated Chakra JavaScript engine, integrated into Internet Explorer, to gain remote access to users’ devices. The attacks demonstrated that even in modern browsers, legacy features can become a dangerous conduit for system compromise.
Internet Explorer mode in Edge was created as a temporary solution to support legacy websites and corporate portals that relied on technologies like ActiveX and Flash . While much of the web has migrated to modern standards, many organizations still use legacy interfaces, from video surveillance systems to government services, where infrastructure upgrades are difficult. Therefore, Microsoft has retained the ability to open individual websites in IE mode to ensure compatibility without requiring a full installation of Internet Explorer.
However, IE’s architecture is far from modern security standards. The lack of multi-layered protection mechanisms built into Chromium makes it vulnerable to attacks that modern browsers can successfully repel. In August 2025, Microsoft researchers received credible information indicating that cybercriminals were using social engineering techniques and zero-day vulnerabilities in Chakra to compromise systems.
The attack scenario was as follows: the attackers created a fake website, visually identical to the official one, and prompted the user to reload the page in IE mode via a pop-up window . After enabling the mode, they introduced an exploit to execute arbitrary code and exploited a second vulnerability to escape the browser and take full control of the device.
This method bypassed all of Edge’s built-in protections and allowed malware to be installed, sensitive data collected, or accessed within the corporate network . To block this exploitation, the Edge team quickly removed the most risky IE mode trigger points, including the toolbar button, the context menu, and the option in the browser’s main interface. However, corporate users who enable the mode via policy management can continue to use it without restrictions.
IE mode remains supported for individual users, but must now be manually enabled for each specific website. This can be done via Settings → Default Browser , where you need to enable the “Allow sites to reload in Internet Explorer mode” setting and add the desired pages to the compatibility list.
This change makes enabling this mode a conscious step and significantly complicates the lives of attackers, who could previously trick users into enabling it with a single click. Now, each website must be added manually, preventing malicious pages from accidentally opening in IE’s unsafe environment.
Microsoft reminds users that support for Internet Explorer 11 officially ended on June 15, 2022, and strongly recommends discontinuing legacy web technologies. Modern browsers not only offer higher levels of security, but also better performance and stability. Users can check if IE mode is enabled by opening Edge’s settings and ensuring the “Default browser” setting is correctly configured.
Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.