Luca Galuppi: 14 October 2025 12:20
While Internet Explorer has officially been out of support since June 2022, Microsoft recently faced a threat that exploited Internet Explorer Mode (IE Mode) in Edge, which was designed to provide compatibility with legacy applications and government portals.
Cybercriminals exploited zero-day vulnerabilities in the Chakra JavaScript engine, coupled with social engineering techniques, to execute remote code and gain complete control over victims’ devices.
“Our security team received intelligence that malicious actors were abusing IE mode in Edge to compromise unsuspecting devices,” explains Gareth Evans, head of security for Microsoft Edge.
The attacks followed a specific pattern: users were directed to fake websites, designed to look official, which tricked them into loading the page in IE mode. Once activated, the Chakra vulnerability allowed hackers to execute malicious code. In some cases, a second flaw was exploited to elevate privileges, exit the browser, and take complete control of the device. Microsoft has confirmed that the Chakra flaw remains unpatched at this time, making immediate mitigation even more critical.
To reduce the risk, Microsoft has taken stringent security measures:
The restrictions do not affect enterprise users, who will continue to use IE Mode according to company policies. However, for everyday users, Microsoft recommends migrating to modern browsers and updated technologies that are more secure, reliable, and performant.
This episode highlights a fundamental principle of cybersecurity: even obsolete technologies, when integrated with modern systems, can pose a significant risk. Conscious management of legacy applications, along with browser updates and user training, remains the most effective defense against sophisticated threats like this.
While Internet Explorer is obsolete, vulnerabilities in its compatibility mode in Edge highlight how even legacy technologies can pose a real threat to the security of corporate devices and data.