HEADLINE STORIES | Bleeping Computer

  

Microsoft restricts IE mode access in Edge after zero-day attacks

By Bill Toulas
October 13, 2025
05:51 PM

Microsoft is restricting access to Internet Explorer mode in Edge browser after learning that hackers are leveraging zero-day exploits in the Chakra JavaScript engine for access to target devices.

The tech giant did not share too many technical details but said that the threat actor combined social engineering with an exploit in Chakra to gain remote code execution.

“The [Edge security] team recently received intelligence indicating that threat actors were abusing Internet Explorer (IE) mode within Edge to gain access to unsuspecting users’ devices,” says Gareth Evans, Microsoft Edge Security Team Lead.

• Although support for Internet Explorer ended on June 15, 2022, Microsoft Edge has an IE mode for legacy compatibility with older technologies (ActiveX and Flash) still in use with a small set of business applications and government portals.

In August, the Edge security team learned that threat actors were directing targets to "an official-looking spoofed website" that prompted users, through an interface element, to load the page in IE mode.

• After exploiting the zero-day in Chakra, the attacker leveraged a second vulnerability to increase privileges and escape the browser, and take full control of the device. 
• Evans did not provide identifiers for the exploited vulnerabilities and said the flaw in Chakra is unpatched.

To mitigate the risk, Microsoft removed the methods that allowed activating IE mode in Edge through easy methods, like the dedicated toolbar button, context menu, and items in the hamburger menUsers who want IE mode active now have to navigate to Settings > Default Browser > Allow and define the pages that should be loaded using Internet Explorer.

Edge setting for IE mode
Source: BleepingComputer

1. The new restrictions aim at making the activation of IE mode an intentional user action. 
2. Furthermore, the list of websites approved to load in IE mode should make it very difficult for attackers to succeed in their compromise attempts.

These changes do not apply to commercial users, who will continue to use IE mode as configured through enterprise policies.

• However, Microsoft reminded users that they should migrate from the legacy web technology in Internet Explorer to modern products that deliver better security, are more reliable, and come with improved performance.

The Security Validation Event of the Year: The Picus BAS Summit

Join the Breach and Attack Simulation Summit and experience the future of security validation. Hear from top experts and see how AI-powered BAS is transforming breach and attack simulation.

Don't miss the event that will shape the future of your security strategy

Related Articles:

Google patches sixth Chrome zero-day exploited in attacks this year

Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days

Hackers exploited Sitecore zero-day flaw to deploy backdoors

FreePBX servers hacked via zero-day, emergency fix released

Apple fixes new zero-day flaw exploited in targeted attacks

 

Security, Healthcare

SimonMed says 1.2 million patients impacted in January data breach

U.S. medical imaging provider SimonMed Imaging is notifying more than 1.2 million individuals of a data breach that exposed their sensitive information.

Bill Toulas October 13, 202504:12 PM

 

Security

Massive multi-country botnet targets RDP services in the U.S.

A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the United States from more than 100,000 IP addresses.

• Bill Toulas
• October 13, 2025
• 02:05 PM
• 0

Security

SonicWall VPN accounts breached using stolen creds in widespread attacks

Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials.

• Bill Toulas
• October 13, 2025
• 11:58 AM
• 0

Microsoft

Microsoft investigates outage affecting Microsoft 365 apps

Microsoft is investigating an ongoing incident that is preventing some customers from accessing Microsoft 365 applications.

• Sergiu Gatlan
• October 13, 2025
• 11:58 AM
• 0

Security

Oracle releases emergency patch for new E-Business Suite flaw

Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers.

• Sergiu Gatlan
• October 13, 2025
• 10:42 AM
• 0

Security

Meet Varonis Interceptor: AI-Native Email Security

AI-generated phishing and social engineering attacks outpace traditional email defenses. Varonis' new Interceptor platform uses multimodal AI — vision, language, and behavior models — to detect zero-hour attacks and stop them before they reach users.

• Varonis
• October 13, 2025
• 10:04 AM
• 0

Microsoft

Microsoft: Windows 11 Media Creation Tool broken on Windows 10 PCs

Microsoft says the latest version of the Windows 11 Media Creation Tool (MCT) no longer works correctly on Windows 10 22H2 computers.

• Sergiu Gatlan
• October 13, 2025
• 09:22 AM
• 3

Security

Harvard investigating breach linked to Oracle zero-day exploit

Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged breach was likely caused by a recently disclosed zero-day vulnerability in Oracle's E-Business Suite servers.

• Lawrence Abrams
• October 13, 2025
• 07:14 AM
• 0

Deals

The $380 refurbished Surface Laptop 3 with i7 performance and 16GB RAM

Not every budget laptop can handle real work, but you probably don't want to drop a grand on a premium laptop either. That's why we want to share this deal on a refurbished Microsoft Surface Laptop 3 that offers top-tier features at a much more affordable price of $379.99, compared to its original $1,099 MSRP.

• BleepingComputer Deals
• October 13, 2025
• 07:07 AM
• 0