While Microsoft continues to improve and secure its software ecosystem, vulnerabilities still surface from time to time — and cybercriminals are always quick to take advantage of them. The latest issue comes from the company’s own browser, Microsoft Edge, where a serious flaw recently exposed users to potential attacks.
According to a report by Bleeping Computer, Microsoft has taken urgent action to contain the problem by restricting access to Edge’s Internet Explorer Mode (IE Mode) — a legacy feature that hackers were using to gain control of systems.
What happened
The vulnerability, exploited as a zero-day, was found in the Chakra JavaScript engine used by Edge’s IE Mode. The flaw allowed attackers to execute malicious code remotely once a user accessed certain websites, effectively giving them access to the victim’s computer.
Microsoft hasn’t shared extensive technical details yet, but the company confirmed that the attack combined social engineering with the vulnerability itself to compromise devices.
Even though Internet Explorer was officially retired in June 2022, Microsoft kept IE Mode within Edge to help businesses and government systems that still rely on older web technologies like ActiveX or Flash. However, this compatibility layer has now proven to be a serious security risk.
How Microsoft responded
To protect users, Microsoft has disabled Internet Explorer Mode by default. The company clarified that this is a temporary mitigation while it works on a permanent fix.
Those who still rely on IE Mode for legacy applications can manually re-enable it by going to:
Settings → Default Browser → Internet Explorer Compatibility.
From there, users can also specify which sites are allowed to open using IE Mode — though Microsoft warns that doing so carries potential risks.
The decision effectively turns IE Mode into an opt-in feature, accessible only by users who fully understand its security implications.
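Where IE Mode is managed centrally, the same allowlisting decision is usually recorded in an Enterprise Mode Site List XML file rather than in the Settings page. The following is an added example, not code from Microsoft or the original report, that audits such a list for entries routed to the IE engine and flags the broad ones. Assumptions: the v2 site-list schema, constructed placeholder hostnames, and the "whole-host" and "allow-redirect" flags, which are a review heuristic chosen for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample site list; hostnames are placeholders, not from the article.
SAMPLE_SITE_LIST = """<site-list version="7">
  <site url="legacy-hr.example.internal/timesheets">
    <compat-mode>IE11</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="example.internal">
    <compat-mode>Default</compat-mode>
    <open-in allow-redirect="true">IE11</open-in>
  </site>
  <site url="portal.example.internal">
    <compat-mode>Default</compat-mode>
    <open-in>MSEdge</open-in>
  </site>
  <site url="old-reports.example.internal/app">
    <compat-mode>IE8Enterprise</compat-mode>
    <open-in allow-redirect="true">IE11</open-in>
  </site>
</site-list>"""

def audit_site_list(xml_text):
    """Return one finding per site that opens in IE Mode, with review flags."""
    root = ET.fromstring(xml_text)
    if root.tag != "site-list":
        raise ValueError("not an Enterprise Mode v2 site list")
    findings = []
    for site in root.iter("site"):
        open_in = site.find("open-in")
        if open_in is None or (open_in.text or "").strip().upper() != "IE11":
            continue  # only entries routed to the IE engine are of interest
        url = site.get("url", "").strip()
        flags = []
        if "/" not in url:
            flags.append("whole-host")  # no path: every page on the host uses IE Mode
        if open_in.get("allow-redirect", "false").lower() == "true":
            flags.append("allow-redirect")  # redirects from this site keep rendering in IE Mode
        findings.append({
            "url": url,
            "compat_mode": site.findtext("compat-mode", "").strip(),
            "flags": flags,
        })
    return findings


if __name__ == "__main__":
    for f in audit_site_list(SAMPLE_SITE_LIST):
        print(f"{f['url']:45} {f['compat_mode']:14} {', '.join(f['flags']) or 'scoped'}")
```

Entries that come back with no flags are scoped to a single path; flagged entries are the ones to narrow or retire first.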
More than just one vulnerability
Researchers also discovered that the same Chakra JavaScript flaw could be chained with another bug to escalate privileges and escape Edge’s sandbox environment, giving attackers broader access to the system.
This layered threat prompted Microsoft to act quickly, as the combination of the two vulnerabilities represented a serious breach of privacy and security.
Microsoft continues to encourage individuals and organisations to move away from outdated technologies and adopt modern web standards that are more secure and better maintained. While IE Mode was designed as a temporary bridge for legacy compatibility, this latest incident underscores the risks of keeping old components active in a modern browser.
For now, users are advised to keep Edge updated and avoid enabling IE Mode unless absolutely necessary.