Internet Explorer is “dead,” but it continues to infect PCs with its bugs via Edge
Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Enterprise BusinessLog 320x200 1
Banner Desktop
Internet Explorer is “dead,” but it continues to infect PCs with its bugs via Edge

Internet Explorer is “dead,” but it continues to infect PCs with its bugs via Edge

Author: Luca Galuppi
14 October 2025 12:20

While Internet Explorer has officially been out of support since June 2022, Microsoft recently faced a threat that exploited Internet Explorer Mode (IE Mode) in Edge , which was designed to provide compatibility with legacy applications and government portals.

Cybercriminals exploited zero-day vulnerabilities in the Chakra JavaScript engine , coupled with social engineering techniques, to execute remote code and gain complete control over victims’ devices.

“Our security team received intelligence that malicious actors were abusing IE mode in Edge to compromise unsuspecting devices,” explains Gareth Evans, head of security for Microsoft Edge.

The attacks followed a specific pattern: users were directed to fake websites, designed to look official , which tricked them into loading the page in IE mode. Once activated, the Chakra vulnerability allowed hackers to execute malicious code. In some cases, a second flaw was exploited to elevate privileges, exit the browser, and take complete control of the device . Microsoft has confirmed that the Chakra flaw remains unpatched at this time , making immediate mitigation even more critical.

To reduce the risk, Microsoft has taken stringent security measures :

  • Removal of buttons and quick shortcuts that allowed instant activation of IE Mode.
  • Users must now navigate to Settings > Default Browser > Allow and manually define which pages can be loaded in IE Mode.
  • This approach transforms activation into an intentional and controlled action , dramatically reducing the possibility of accidental compromise.

The restrictions do not affect enterprise users, who will continue to use IE Mode according to company policies. However, for everyday users, Microsoft recommends migrating to modern browsers and updated technologies that are more secure, reliable, and performant.

This episode highlights a fundamental principle of cybersecurity: even obsolete technologies, when integrated with modern systems, can pose a significant risk. Conscious management of legacy applications, along with browser updates and user training, remains the most effective defense against sophisticated threats like this.

While Internet Explorer is obsolete, vulnerabilities in its compatibility mode in Edge highlight how even legacy technologies can pose a real threat to the security of corporate devices and data.

Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.

Immagine del sito
Luca Galuppi

A lifelong technology enthusiast. I have been working in the IT field for over 15 years. I have particular experience in Firewall and Networking and deal with Network Design and IT Architectures on a daily basis. I currently serve as Senior IT Engineer and PM for an IT Consulting and Services company.