Microsoft announced in August 2025 that it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” that unknown attackers were exploiting backward compatibility features to gain unauthorized access to users’ devices.
“Threat actors utilized basic social engineering techniques alongside unpatched (zero-day) exploits of Internet Explorer’s JavaScript engine (Chakra) to gain access to victims’ devices,” the Microsoft Browser Vulnerability Research Team said in a report released last week.
In an attack chain documented by Windows manufacturers, attackers have been found to trick unsuspecting users into visiting a seemingly legitimate website and then use an on-page flyout to instruct them to reload the page in IE mode.
Once the page reloaded, the attackers were said to be armed with an unspecified exploit in the Chakra engine to remotely execute code. The infection sequence culminates with the attacker using a second exploit to escalate privileges from the browser and take full control of the victim’s device.
This activity is particularly alarming because by using Internet Explorer to launch in a less secure state, it subverts modern defenses built into Chromium and Microsoft Edge, effectively allowing threat actors to bypass the browser’s limitations and perform various post-exploitation steps such as malware deployment, lateral movement, and data leakage.
Microsoft did not provide details about the nature of the vulnerability, the identity of the attackers behind the attack, or the scale of the effort.
However, in response to evidence of active abuse and the security risks posed by this feature, the company said it has taken steps to remove dedicated toolbar buttons, context menus, and hamburger menu items.
Users who wish to enable IE mode must do so explicitly on a case-by-case basis through their Edge browser settings.
[設定]>[デフォルトのブラウザ]Move to.[Internet Explorer モードでのサイトのリロードを許可する]Find your options and[許可]Set to . After you enable this setting, add specific sites that require IE compatibility to the Internet Explorer mode page list. Reload the site.
Windows manufacturers have noted that these restrictions on IE mode booting are necessary to balance the need for security and legacy support.
“This approach makes decisions to load web content using legacy technologies more intentional,” Microsoft said. “The additional steps required to add a site to the site list are a significant barrier for even the most determined attacker to overcome.”
Source link
