Microsoft has shortly modified a characteristic in its Edge internet browser after getting “credible reviews” in August 2025 that risk actors had been utilizing it to interrupt into customers’ units. The characteristic is named Web Explorer (IE) mode. The characteristic allowed customers to open older web sites that depend upon legacy parts like ActiveX, which stay a part of sure enterprise or authorities workflows. Nevertheless, this compatibility got here with a safety danger.
The Exploit Defined
On your info, IE mode works by briefly switching to the older Web Explorer setting, which doesn’t have the sturdy security measures of the fashionable, Chromium-based Edge browser. This weak spot was seen by hackers. The Edge safety workforce discovered that attackers had been utilizing social engineering, together with 0-day flaws in Web Explorer’s JavaScript engine, Chakra.
The assault concerned tricking a sufferer into visiting a pretend, official-looking web site. Then, a message would seem, asking the consumer to reload the web page in IE mode. As soon as the consumer did this, the hackers might use the Chakra flaw to take management of the browser, after which use a second flaw to “achieve full management of the sufferer’s system,” in accordance with the Microsoft Browser Vulnerability Analysis workforce.
This exercise is especially regarding as a result of it successfully bypasses trendy defences constructed into Edge, letting risk actors escape the browser and carry out numerous actions like malware deployment, shifting inside company networks (lateral motion), and knowledge exfiltration (stealing delicate knowledge).
Microsoft’s Fast Repair
With clear proof that this was taking place, Microsoft’s Edge workforce proactively eliminated the straightforward methods to change to IE mode. This consists of taking away the devoted button on the toolbar and the choices in the primary menus. Nevertheless, Microsoft didn’t disclose any particulars relating to the character of the vulnerabilities, the id of the risk actor, or the dimensions of the efforts.
Now, for non-commercial customers who nonetheless want to make use of older web sites, activating IE mode requires a extra deliberate course of. Customers should now go into the Edge settings and particularly enable sure web sites to be reloaded in IE mode.
Listed below are the steps: Navigate to Settings > Default Browser, then set the ‘Permit websites to be reloaded in Web Explorer mode’ choice to Permit. Lastly, add the required web site to the checklist of Web Explorer mode pages, and reload the positioning.
David Matalon, CEO at Venn, a New York Metropolis–based mostly supplier of BYOD safety expertise, defined that backward compatibility options similar to IE mode can unintentionally broaden a company’s assault floor. “Even in trendy browsers, these legacy modes bypass safety protections, placing all customers, each distant and on-site, in danger,” he mentioned
He added that shrinking the assault floor requires disabling or tightly controlling IE mode, educating workers about social engineering, and ensuring endpoint protections are actively monitoring for suspicious exercise.
“The fact is that in right now’s distributed, BYOD-heavy workforces, knowledge typically lives exterior conventional perimeters,” Matalon continued. “A layered strategy that mixes well timed patching, endpoint controls, knowledge isolation, and least-privilege entry is crucial to limiting the blast radius when vulnerabilities inevitably emerge,” he mentioned.
