Microsoft updated Edge’s Internet Explorer mode after reports in August 2025 that threat actors exploited the backward compatibility feature to gain unauthorized device access.
Microsoft Edge’s IE mode lets organizations run legacy Internet Explorer 11 sites and apps within a modern browser, simplifying access to old and new web applications.
In August 2025, attackers exploited Edge’s IE mode using social engineering and unpatched IE Chakra vulnerabilities.
Microsoft did not disclose any technical details about the attacks or the identity of the threat actor behind them.
The attackers tricked users into reloading pages in IE mode, gained remote code execution, escalated privileges, and could then install malware, move laterally, or steal sensitive data.
“In August 2025, the Edge security team received credible intelligence that threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer’s JavaScript engine (Chakra) to gain access to victim devices. The attacker would first convince the victim to navigate to an official-looking spoofed website, then use a flyout on the page to request the user to reload the page in Internet Explorer mode,” reads the advisory published by Microsoft. “The attackers would then leverage a Chakra (IE’s JavaScript engine) exploit to gain remote code execution. Finally, the attackers would use a second exploit to elevate their privileges out of the browser to gain full control of the victim’s device.”
In response to the active exploitation of IE mode, Edge removed the easy-access buttons for non-commercial users. IE mode now has to be enabled explicitly, site by site, via Settings > Default Browser, which improves security while maintaining compatibility.
“Microsoft Edge continues to evolve, balancing the need for legacy support with robust, modern security. By restricting casual access to IE mode, the Edge browser security team is reducing the risk of exploitation while providing a clear, auditable pathway for genuine business requirements,” concludes the advisory.
Source: SecurityAffairs
Source Link: https://securityaffairs.com/183333/security/microsoft-revamps-internet-explorer-mode-in-edge-after-august-attacks.html