Microsoft Forced To Restrict A Handy Edge Feature After Hackers Exploit It As A Backdoor

Microsoft Edge users will now have to jump through a few extra hoops to access the browser’s Internet Explorer (IE) Mode. This is because the Edge browser security team was recently made aware that the compatibility mode was being abused by threat actors to gain unauthorized access to devices.

IE Mode exists as a way for Edge users to access web sites that still make use of older technologies, such as ActiveX and Flash. While the rest of the web has moved on, there are still security camera interfaces, proprietary business applications and even government portals that haven’t been able to upgrade from these deprecated solutions.

Of course, relying on software that hasn’t been updated in several years carries increased risk. In this case, threat actors are leveraging good old-fashioned social engineering and an unpatched exploit in IE’s Chakra JavaScript engine. A user is convinced to visit a site controlled by the attackers and is asked to reload it using IE Mode, which leads to remote code execution and gives the attackers complete control of the victim’s device.

Unfortunately, none of the security measures used by Edge to protect users mitigate this kind of attack. Because of this, the Edge team removed the more convenient ways to switch into IE Mode, such as the dedicated toolbar button, context menu and the hamburger menu.

Those who understand the risks but still require IE Mode to access legacy sites can enable it by diving into the Edge browser settings menu. There will be an option called “Allow sites to be reloaded in Internet Explorer mode”, which you can set to “Allow.” You will also need to manually add the sites that require this mode for it to work.