The old Internet Explorer Mode bypassed all the protections of the modern Edge and allowed hackers to seize control.
The Microsoft Edge security team has made radical changes to how Internet Explorer Mode works after receiving confirmation of targeted attacks exploiting it. Specialists discovered that attackers were exploiting vulnerabilities in the legacy Chakra JavaScript engine, built into Internet Explorer, to gain remote access to users' devices. The attacks demonstrated that even in modern browsers, inherited features can become a dangerous channel for system compromise.
Internet Explorer Mode in Edge was created as a temporary measure to support old websites and corporate portals dependent on technologies like ActiveX and Flash. Although most of the web has moved to modern standards, many organizations still use legacy interfaces—from video surveillance systems to government services where infrastructure updates are difficult. Therefore, Microsoft retained the ability to open specific sites in IE Mode to ensure compatibility without the need to maintain a full-fledged Internet Explorer.
However, IE's architecture is far from modern security standards. The lack of multi-layered protection mechanisms built into Chromium makes this mode vulnerable to attacks that modern browsers successfully repel. In August 2025, Microsoft specialists received credible data that cybercriminals were using social engineering and zero-day vulnerabilities in Chakra to compromise systems.
The attack scenario unfolded as follows: the attackers created a fake website, visually identical to an official one, and prompted the user to reload the page in IE Mode via a pop-up window. After activating the mode, they deployed an exploit to execute arbitrary code and then used a second vulnerability to escape the browser's sandbox and seize full control of the device.
This method bypassed all of Edge's built-in security features and allowed for the installation of malware, collection of confidential data, or lateral movement through a corporate network.
To stop the exploitation, the Edge team promptly removed the riskiest activation points for IE Mode, including the button on the toolbar, the context menu, and the item in the browser's main interface. However, enterprise users who rely on the mode through management policies can continue to use it without restrictions.
For private users, support for IE Mode remains, but it must now be enabled manually for each specific site. This is done via Settings → Default Browser, where you need to activate the "Allow sites to be reloaded in Internet Explorer mode" parameter and add the required pages to the compatibility list.
This change makes enabling the mode a conscious step and significantly complicates life for attackers who previously could trick users into activating it with a single click. Now, each site must be added manually, preventing the accidental opening of malicious pages in the insecure IE environment.
Microsoft reminds users that support for Internet Explorer 11 officially ended on June 15, 2022, and strongly advises phasing out the use of legacy web technologies. Modern browsers provide not only a higher level of security but also better performance and stability. Users can check whether IE Mode is activated by opening Edge's settings and ensuring the Default Browser parameter is configured correctly.
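Because IE Mode enabled through management policies is unchanged, an organization's own site list decides which pages still reach the legacy engine. The sketch below is an added example, not Microsoft's code: it audits an Enterprise Mode Site List (v2 XML schema) and reports every entry that opens in IE Mode. The sample list, its host names, and the internal suffix are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Enterprise Mode Site List v2 schema; hosts are placeholders.
SAMPLE_SITE_LIST = """<site-list version="7">
  <site url="cctv.intranet.example/live">
    <compat-mode>IE11</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="portal.example.com">
    <compat-mode>Default</compat-mode>
    <open-in allow-redirect="true">IE11</open-in>
  </site>
  <site url="wiki.intranet.example">
    <compat-mode>Default</compat-mode>
    <open-in>MSEdge</open-in>
  </site>
  <site url="legacy.example.org">
    <open-in>IE11</open-in>
  </site>
</site-list>"""

def audit_site_list(xml_text, internal_suffixes=(".intranet.example",)):
    """Return (url, reasons) for every entry that opens in the legacy IE engine."""
    findings = []
    for site in ET.fromstring(xml_text).iter("site"):
        open_in = site.find("open-in")
        if open_in is None or (open_in.text or "").strip().lower() != "ie11":
            continue  # rendered by the Chromium engine, out of scope here
        url = site.get("url", "")
        # Site list URLs carry no scheme: host[:port][/path]
        host = url.split("/", 1)[0].split(":", 1)[0].lower()
        reasons = ["opens in IE mode"]
        if not host.endswith(tuple(internal_suffixes)):
            reasons.append("host is outside the internal suffixes")
        if open_in.get("allow-redirect", "false").lower() == "true":
            reasons.append("also opens in IE mode when reached through a redirect")
        findings.append((url, reasons))
    return findings

if __name__ == "__main__":
    for url, reasons in audit_site_list(SAMPLE_SITE_LIST):
        print(f"{url}: {'; '.join(reasons)}")
```

Entries flagged only as "opens in IE mode" are candidates for migration; entries with additional reasons deserve review first, since they extend the legacy engine beyond internal hosts.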
