
Microsoft is restricting access to Internet Explorer mode in the Edge browser after learning that hackers were taking advantage of a zero-day exploit in the Chakra JavaScript engine to gain access to targeted devices.
The tech giant did not share many technical details, but said the threat actor combined social engineering with an exploit in Chakra to achieve remote code execution.
“The (Edge Security) team recently received intelligence indicating that threat actors were abusing the Internet Explorer (IE) mode within Edge to gain access to unknowing users’ devices,” said Gareth Evans, Microsoft Edge Security Team Lead.
Although support for Internet Explorer ended on June 15, 2022, Microsoft Edge retains an IE mode for legacy compatibility with older technologies (ActiveX and Flash) that are still in use by a small set of business applications and government portals.
In August, the Edge security team discovered that threat actors were directing targets to “an official-looking fake website” that prompted users, through an interface element, to load the page in IE mode.
After exploiting the zero-day in Chakra, the attacker used a second vulnerability to escalate privileges, break out of the browser, and take full control of the device.
Evans did not provide identifiers for the exploited vulnerabilities and said the flaw has not been fixed in Chakra.
To mitigate the risk, Microsoft removed the easier ways of activating IE mode in Edge, such as dedicated toolbar buttons, context menu entries, and items in the hamburger menu.
Users who wish to activate IE mode must navigate to Settings > Default Browser > Permissions and define pages that should be loaded using Internet Explorer.

Source: BleepingComputer
The new restrictions are intended to make activation of IE mode a deliberate user action. Additionally, because only websites explicitly added to the allowed list will load in IE mode, attackers should find it much harder to succeed in their compromise attempts.
These changes do not apply to commercial users, who will continue to use IE mode as configured through enterprise policies.
However, Microsoft reminded users that they should move away from the older web technologies of Internet Explorer to modern products that offer better security, greater reliability, and better performance.


