Microsoft has restricted access to Internet Explorer (IE) mode in its Edge browser after discovering that hackers were exploiting zero-day vulnerabilities in the Chakra JavaScript engine to gain control of users’ devices.
According to Gareth Evans, Microsoft Edge Security Team Lead, the Edge security team received intelligence indicating that threat actors were abusing IE mode in Edge by combining social engineering techniques with a Chakra exploit to achieve remote code execution.
Although Internet Explorer was officially retired on June 15, 2022, Microsoft retained an IE mode in Edge to maintain compatibility with older technologies such as ActiveX and Flash, which are still used by some government portals and legacy business systems.
In August, Microsoft’s security team learned that attackers were luring users to spoofed websites that appeared legitimate. These fake pages tricked users into loading the site in IE mode, allowing the attackers to exploit the unpatched Chakra vulnerability. Once the exploit succeeded, hackers used a second flaw to escalate privileges, escape the browser sandbox, and take full control of the affected devices.
To mitigate the risk, Microsoft has removed quick-access options that allowed users to enable IE mode easily — including toolbar buttons, context menu options, and hamburger menu entries.
Now, users who still need IE mode must manually enable it by navigating to:
Settings > Default Browser > Allow Sites to Be Reloaded in Internet Explorer Mode, and then define specific pages that should load in IE mode.
These new restrictions are designed to ensure that activating IE mode becomes an intentional user action, reducing the chance of attackers abusing it through deceptive methods.
The change, however, does not affect enterprise users, who will continue to use IE mode as configured by organization-level policies.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Microsoft is urging users to migrate away from legacy web technologies that rely on Internet Explorer, emphasizing that modern web solutions offer stronger security, improved reliability, and better performance.
