Microsoft tightens Edge’s Internet Explorer mode after reports of exploit chain

Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users’ devices.

The Microsoft Browser Vulnerability Research team said in a report that attackers combined basic social engineering with unpatched (0-day) exploits in Internet Explorer’s JavaScript engine (Chakra) to compromise victims. The report said adversaries tricked users into visiting a seemingly legitimate site and used a flyout on the page to instruct them to reload the page in IE mode.

According to Microsoft, once the page was reloaded the attackers weaponized an unspecified exploit in the Chakra engine to obtain remote code execution and then used a second exploit to elevate privileges out of the browser and seize control of the device. The company did not disclose details about the vulnerabilities, the identity of the threat actor or the scale of the activity.

Microsoft said the campaign was notable because it effectively subverted modern defenses in Chromium-based Edge by launching the browser in a less secure state using Internet Explorer, allowing attackers to break out of the browser and perform post-exploitation actions such as malware deployment, lateral movement and data exfiltration.

In response to evidence of active exploitation and the security risk posed by the feature, Microsoft said it removed the dedicated toolbar button, context menu and hamburger menu items that previously made IE mode easier to launch. The company said users who still require IE compatibility must explicitly enable IE mode in Edge settings (Settings > Default Browser), set “Allow sites to be reloaded in Internet Explorer mode” to Allow, add the specific site(s) to the Internet Explorer mode pages list and then reload the site.

Microsoft said the restrictions are intended to make the decision to load web content with legacy technology significantly more intentional and to raise the bar for attackers.