Microsoft has rapidly modified a function in its Edge internet browser after getting “credible studies” in August 2025 that risk actors had been utilizing it to interrupt into customers’ units. The function known as Web Explorer (IE) mode. The function allowed customers to open older web sites that depend upon legacy parts like ActiveX, which stay a part of sure enterprise or authorities workflows. Nonetheless, this compatibility got here with a safety danger.
The Exploit Defined
To your info, IE mode works by briefly switching to the older Web Explorer setting, which doesn’t have the robust security measures of the trendy, Chromium-based Edge browser. This weak spot was observed by hackers. The Edge safety staff discovered that attackers had been utilizing social engineering, together with 0-day flaws in Web Explorer’s JavaScript engine, Chakra.
The assault concerned tricking a sufferer into visiting a faux, official-looking web site. Then, a message would seem, asking the consumer to reload the web page in IE mode. As soon as the consumer did this, the hackers may use the Chakra flaw to take management of the browser, after which use a second flaw to “achieve full management of the sufferer’s gadget,” in line with the Microsoft Browser Vulnerability Analysis staff.
This exercise is especially regarding as a result of it successfully bypasses fashionable defences constructed into Edge, letting risk actors escape the browser and carry out numerous actions like malware deployment, transferring inside company networks (lateral motion), and knowledge exfiltration (stealing delicate knowledge).
Microsoft’s Fast Repair
With clear proof that this was occurring, Microsoft’s Edge staff proactively eliminated the simple methods to modify to IE mode. This contains taking away the devoted button on the toolbar and the choices in the principle menus. Nonetheless, Microsoft didn’t disclose any particulars concerning the character of the vulnerabilities, the identification of the risk actor, or the size of the efforts.
Now, for non-commercial customers who nonetheless want to make use of older web sites, activating IE mode requires a extra deliberate course of. Customers should now go into the Edge settings and particularly enable sure web sites to be reloaded in IE mode.
Listed below are the steps: Navigate to Settings > Default Browser, then set the ‘Permit websites to be reloaded in Web Explorer mode’ choice to Permit. Lastly, add the required web site to the record of Web Explorer mode pages, and reload the positioning.
David Matalon, CEO at Venn, a New York Metropolis–primarily based supplier of BYOD safety expertise, defined that backward compatibility options similar to IE mode can unintentionally develop a corporation’s assault floor. “Even in fashionable browsers, these legacy modes bypass safety protections, placing all customers, each distant and on-site, in danger,” he stated
He added that shrinking the assault floor requires disabling or tightly controlling IE mode, educating staff about social engineering, and ensuring endpoint protections are actively monitoring for suspicious exercise.
“The truth is that in at present’s distributed, BYOD-heavy workforces, knowledge usually lives exterior conventional perimeters,” Matalon continued. “A layered strategy that mixes well timed patching, endpoint controls, knowledge isolation, and least-privilege entry is important to limiting the blast radius when vulnerabilities inevitably emerge,” he stated.
