Recently, Microsoft unveiled modifications to the access mechanism of Internet Explorer (IE) mode within the Microsoft Edge browser, in a bid to counter cyberattacks that leverage zero-day vulnerabilities. Prior to this, Microsoft had received reliable reports revealing that attackers were capitalizing on compatibility elements in IE mode to deceive users into loading pages in IE mode via fraudulent websites. This action triggered unpatched zero-day vulnerabilities in the Chakra JavaScript engine, thereby affording attackers the ability to execute code remotely. Subsequently, they exploited a second vulnerability to elevate their privileges, culminating in complete control over the user's device.

To mitigate such attacks, Microsoft has eliminated the dedicated toolbar button, right-click menu, and main menu shortcuts for IE mode in the Edge browser. Following this adjustment, ordinary users are required to manually access 'Settings > Default Browser > Allow' and pre-add the website addresses that necessitate IE mode in order to activate it. Microsoft underscored that these limitations do not pertain to commercial users who configure IE mode uniformly through enterprise policies, aligning with common business practices and enterprise IT management norms.