Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
Summary
Microsoft has tightened how Internet Explorer (IE) mode is launched inside Edge after receiving credible reports that threat actors abused the backward-compatibility feature to gain unauthorised access to devices. Attackers used simple social engineering to persuade users to reload pages in IE mode, then weaponised unpatched vulnerabilities in Internet Explorer’s Chakra JavaScript engine to achieve remote code execution and privilege escalation. The change removes direct toolbar and menu shortcuts; IE mode now must be explicitly enabled per site via Edge settings.
Key Points
- Attackers combined social engineering with unpatched (0-day) Chakra engine exploits to turn IE mode into a backdoor.
- Threat actors used a page “flyout” to prompt victims to reload in IE mode, then executed an exploit for remote code execution followed by a privilege-escalation exploit.
- Using IE mode bypassed modern Chromium/Edge hardening and allowed post-exploitation activities such as malware deployment, lateral movement and data exfiltration.
- Microsoft removed the dedicated IE mode toolbar button, context-menu and hamburger-menu entries to make launching IE mode more deliberate.
- To use IE mode now, admins or users must enable it in Settings > Default Browser, set “Allow sites to be reloaded in Internet Explorer mode” to Allow, add specific sites to the IE mode pages list and then reload the site.
- Microsoft has not disclosed technical details of the vulnerabilities, the attacker(s) or the scale of the campaign.
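To check how an endpoint is configured for the reload setting described above, the sketch below reads Edge's group-policy registry values and reports exposures. It is an added example, not code from Microsoft or the source article. The policy value names are Microsoft Edge policies that the article itself does not name, and the function names and sample data are hypothetical.

```powershell
# Added example: audit Edge policy for IE mode exposure.
# The three value names are Microsoft Edge group policies (not named in the article).
$PolicyNames = 'InternetExplorerIntegrationLevel',
               'InternetExplorerIntegrationReloadInIEModeAllowed',
               'InternetExplorerIntegrationSiteList'

function Read-EdgePolicy {
    # Collect the policy values from the registry; HKLM is read last so it wins.
    $values = @{}
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "${hive}:\SOFTWARE\Policies\Microsoft\Edge"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $PolicyNames) {
            if ($null -ne $props.$name) { $values[$name] = $props.$name }
        }
    }
    return $values
}

function Get-IEModeFindings {
    param([hashtable]$Policy = (Read-EdgePolicy))
    $findings = @()
    # Integration level 1 means IE mode is turned on by policy.
    if ($Policy['InternetExplorerIntegrationLevel'] -eq 1 -and
        -not $Policy['InternetExplorerIntegrationSiteList']) {
        $findings += 'IE mode is enabled by policy but no enterprise site list is configured.'
    }
    $reload = $Policy['InternetExplorerIntegrationReloadInIEModeAllowed']
    if ($null -eq $reload) {
        $findings += 'Reload in IE mode is not managed by policy; the Settings toggle is left to each user.'
    } elseif ($reload -eq 1) {
        $findings += 'Policy allows users to reload sites in IE mode.'
    }
    return $findings
}

# Constructed sample policy state (not taken from a real host).
$sample = @{
    InternetExplorerIntegrationLevel                 = 1
    InternetExplorerIntegrationReloadInIEModeAllowed = 1
}
Get-IEModeFindings -Policy $sample
```

Calling `Get-IEModeFindings` with no arguments audits the local machine instead of the sample data.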
Context and Relevance
This change is significant for organisations that still rely on legacy web apps and for security teams responsible for browser hardening. IE mode was designed to help businesses run older intranet and line-of-business sites, but that same compatibility can be abused to evade modern browser mitigations. The update reflects a wider trend: vendors restricting legacy compatibility surfaces to reduce attack surface while preserving business continuity for critical legacy apps.
Why should I read this?
Short version: if your organisation still uses legacy web apps or manages endpoints, this matters. Microsoft has made it harder to accidentally open sites in a less secure mode — but you also need to check settings, review site lists and tighten controls now. We’ve boiled down the risks and the configuration steps so you don’t need to trawl the official post.
Source
Source: https://thehackernews.com/2025/10/microsoft-locks-down-ie-mode-after.html
