Overview
- Microsoft says intelligence from August 2025 showed threat actors abusing IE mode through a combination of social engineering and unpatched Chakra zero-day flaws.
- Attackers steered users to spoofed sites that prompted a reload in IE mode, then executed code via a Chakra exploit before using a second bug to gain full device control.
- To mitigate risk, Microsoft removed the toolbar button, context menu option, and hamburger menu entry for IE mode, making activation a deliberate action.
- Users who still need the feature must enable it via Settings > Default Browser and specify allowed pages for IE mode on a site-by-site basis.
- Commercial customers using enterprise policies are not affected by these restrictions.
- Microsoft withheld vulnerability details, actor attribution, and attack scope while urging migration off legacy technologies.