Microsoft has implemented stricter controls on Internet Explorer (IE) mode within its Edge browser following the discovery of a critical zero-day vulnerability exploited by hackers. Gareth Evans, head of security for Microsoft Edge, revealed that cybercriminals were leveraging this flaw to take control of users’ devices. Although Internet Explorer was officially retired in June 2022, IE mode remains in Edge to support legacy websites and systems. The attackers targeted a vulnerability in Chakra, the old JavaScript engine used by Internet Explorer, through social engineering tactics. By luring users to fake websites and prompting them to reload the page in IE mode, the vulnerability was activated, allowing remote code execution. Microsoft has yet to issue a patch for the Chakra vulnerability. As a temporary measure, all shortcuts for enabling IE mode have been removed, requiring users to manually activate it in settings and specify trusted sites. This change aims to enhance security by ensuring IE mode is only used for reliable websites.
How is Microsoft responding to the IE mode vulnerability exploited by hackers?
