14
Microsoft recently made significant changes to the Internet Explorer mode in Edge browsers due to security concerns related to zero-day exploits. These changes are aimed at enhancing the security of the browser and protecting users from potential threats.
Microsoft Enhances Security by Limiting IE Mode in Edge
In a recent announcement, Microsoft revealed that active exploitation attempts targeting vulnerabilities in the Edge browser have been detected. Specifically, zero-day exploits targeting the Internet Explorer’s JavaScript engine, known as Chakra, have posed a security risk to Edge users. As a response, Microsoft has updated the IE Mode settings UI to restrict how users can activate this feature.
Prior to the update, users could easily enable IE mode in Edge through simple settings such as a toolbar button or a hamburger menu. However, in light of the security risks associated with Chakra exploits, users now need to explicitly enable IE Mode via the Settings menu.
To activate IE mode, users are required to navigate to Settings > Default Browser and enable “Allow sites to be reloaded in Internet Explorer mode (IE mode)” by selecting “Allow” from the dropdown menu. Additionally, users must add specific web pages to the IE mode’s page list that necessitate IE mode to function.
By implementing these changes, Microsoft aims to ensure that enabling IE mode is a deliberate action by users, rather than an overlooked feature that could be exploited by malicious actors. The added complexity is expected to deter potential attackers from exploiting IE mode for malicious purposes.
Regarding the recent exploitation attempts, Microsoft disclosed that threat actors began leveraging social engineering tactics alongside unpatched exploits in Chakra in August 2025. These attacks involved tricking users into opening spoofed web pages in IE mode, allowing attackers to execute remote code and escalate privileges on victim devices.
Microsoft Urges Migration from Legacy Web Technologies
While Chromium-based browsers like Edge offer robust security features, reverting to IE mode for loading web pages bypasses these protections, making it an attractive target for attackers. By limiting access to IE mode, users are better equipped to detect and prevent potential threats as malicious web pages can only be added to IE mode explicitly.
Furthermore, Microsoft advises users to transition away from legacy web technologies and embrace modern browser-supported technologies to mitigate security risks. By adopting modern web standards, users can safeguard themselves against potential vulnerabilities associated with IE mode.
We welcome your thoughts and feedback in the comments section below.
