Don’t miss out on our latest stories. Add PCMag as a preferred source on Google.
Microsoft officially retired and disabled Internet Explorer in 2022, but hackers are still targeting the outdated browser.
In a blog post, Microsoft warned it has received “credible intelligence” that hackers are exploiting unpatched vulnerabilities in Internet Explorer to remotely gain access to user devices. That’s because the browser still lives on as a function known as “IE Mode” within Microsoft’s current Edge browser, which is preinstalled on Windows PCs.
The company retained IE Mode because some older websites in certain parts of the world remain accessible only through Internet Explorer. But the decision is a double-edged sword; last year, security researchers discovered hackers, including those from North Korea, finding ways to essentially invoke Internet Explorer and exploit its vulnerabilities to install malware.
Microsoft says hackers trick users into activating IE Mode in Edge through “basic social engineering techniques,” likely fake messages that impersonate official agencies or brands.
How IE Mode used to be activated in Edge. (Credit: Microsoft/PCMag)
“The attacker would first convince the victim to navigate to an official-looking spoofed website, then use a flyout on the page to request the user to reload the page in Internet Explorer mode,” Microsoft explained. “The attackers would then leverage a Chakra (IE’s JavaScript engine) exploit to gain remote code execution. Finally, the attackers would use a second exploit to elevate their privileges out of the browser to gain full control of the victim’s device.”
The attack can bypass security safeguards in Edge, allowing a hacker to install malware, spy on the victim’s network, and steal data. In response, Microsoft notes the company is adding further restrictions to activating IE Mode in Edge for non-commercial users. This includes removing the “highest-risk entry points for loading a page in IE Mode, including the dedicated toolbar button, context menu, and the hamburger menu items,” the company says.
Recommended by Our Editors
The news means an end to activating IE Mode through Edge’s other context menus. (Credit: Microsoft/PCMag)
The goal is to restrict “casual access to IE Mode,” forcing non-commercial users to explicitly enable the function on a site-by-site basis via Edge’s settings.
“This approach ensures that the decision to load web content using legacy technology is significantly more intentional,” Microsoft said. “The additional steps required to add a site to a site list are a significant barrier for even the most determined attackers to overcome.”
Still, the new restrictions are not a patch, merely a hindrance. The company also notes: “No changes were made to the logic for commercial users to enable IE mode through enterprise policies.” For a real fix, Microsoft urges people to dump Internet Explorer. The outdated browser runs “legacy web technologies” that can expose them to security risks, it warns.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Our Expert
Michael Kan
Senior Reporter
Experience
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.
Read Full Bio
