Microsoft Edge restricts IE mode after zero-day exploit
Microsoft is restricting access to Internet Explorer (IE) mode within its Edge browser after discovering that threat actors were exploiting zero-day vulnerabilities. The attacks leverage the Chakra JavaScript engine to gain remote code execution on target devices.
The company’s Edge security team received intelligence in August indicating a new threat vector. According to Gareth Evans, Microsoft Edge Security Team Lead, “The [Edge security] team recently received intelligence indicating that threat actors were abusing Internet Explorer (IE) mode within Edge to gain access to unsuspecting users’ devices.” The attack combines social engineering with the software exploit. Threat actors direct targets to what was described as an “official-looking spoofed website” which then prompts the user, through an interface element, to load the page in IE mode. This action triggers the exploit.
The attack unfolds in multiple stages. Once the initial zero-day vulnerability in the Chakra engine is exploited, the attacker leverages a second, unspecified vulnerability. This secondary exploit allows for privilege escalation, enabling the attacker to escape the browser’s security sandbox. After breaking out of the browser’s confines, the threat actor can take full control of the device. Microsoft did not release identifiers for the vulnerabilities involved and confirmed that the flaw in the Chakra engine remains unpatched.
Microsoft Edge hits sub-300ms content load time
IE mode was initially retained in the Edge browser for legacy compatibility purposes, even after official support for Internet Explorer ended on June 15, 2022. The feature allows access to older web technologies, such as ActiveX and Flash, which a small number of business applications and government portals still use.
To mitigate the immediate risk, Microsoft has removed the simple, one-click methods for activating IE mode. The dedicated toolbar button, the context menu entry available via a right-click, and the option located in the main hamburger menu have all been disabled for general users. These changes are intended to make the activation of IE mode a more intentional user action, thereby reducing the chance of accidental or malicious use.
Users who still need to access sites with IE mode must now navigate to Settings > Default Browser > Allow. In this section, they are required to explicitly define the specific pages that are permitted to load using the Internet Explorer engine. This requirement for an approved list of websites is designed to make it significantly more difficult for attackers to succeed with their exploit. These restrictions do not apply to commercial users, who can continue to use IE mode as configured through enterprise policies. Microsoft advised all users to migrate from legacy Internet Explorer technologies to modern products for better security, reliability, and performance.
Featured image credit
FAQs
Frequently Asked Questions
What is a Premium Domain Name? A premium domain name is the digital equivalent of prime real estate. It’s a short, catchy, and highly desirable web address that can significantly boost your brand's impact. These exclusive domains are already owned but available for purchase, offering you a shortcut to a powerful online presence. Why Choose a Premium Domain? Instant Brand Boost: Premium domains are like instant credibility boosters. They command attention, inspire trust, and make your business look established from day one. Memorable and Magnetic: Short, sweet, and unforgettable - these domains stick in people's minds. This means more visitors, better recall, and ultimately, more business. Outshine the Competition: In a crowded digital world, a premium domain is your secret weapon. Stand out, get noticed, and leave a lasting impression. Smart Investment: Premium domains often appreciate in value, just like a well-chosen piece of property. Own a piece of the digital world that could pay dividends. What Sets Premium Domains Apart? Unlike ordinary domain names, premium domains are carefully crafted to be exceptional. They are shorter, more memorable, and often include valuable keywords. Plus, they often come with a built-in advantage: established online presence and search engine visibility. How Much Does a Premium Domain Cost? The price tag for a premium domain depends on its desirability. While they cost more than standard domains, the investment can be game-changing. Think of it as an upfront cost for a long-term return. BrandBucket offers transparent pricing, so you know exactly what you're getting. Premium Domains: Worth the Investment? Absolutely! A premium domain is more than just a website address; it's a strategic asset. By choosing the right premium domain, you're investing in your brand's future and setting yourself up for long-term success. What Are the Costs Associated with a Premium Domain? While the initial purchase price of a premium domain is typically higher than a standard domain, the annual renewal fees are usually the same. Additionally, you may incur transfer fees if you decide to sell or move the domain to a different registrar. Can I Negotiate the Price of a Premium Domain?
In some cases, it may be possible to negotiate the price of a premium domain. However, the success of negotiations depends on factors such as the domain's demand, the seller's willingness to negotiate, and the overall market conditions. At BrandBucket, we offer transparent, upfront pricing, but if you see a name that you like and wish to discuss price, please reach out to our sales team.
How Do I Transfer a Premium Domain?
Transferring a premium domain involves a few steps, including unlocking the domain, obtaining an authorization code from the current registrar, and initiating the transfer with the new registrar. Many domain name marketplaces, including BrandBucket, offer assistance with the transfer process.
