October 15, 2025, 12:30 pm | Read time: 3 minutes
Technically, it hasn’t been a standalone browser for years. Yet, the classic Internet Explorer is now emerging as a significant security vulnerability for Windows computers. Microsoft has already responded and implemented countermeasures.
Internet Explorer Still Exists as a Mode
The company introduced Internet Explorer in 1995 as part of Windows 95. For a long time, it was the standard browser worldwide, with a market share of up to 95 percent at its peak. However, over the years, new competition emerged while Microsoft’s own product faced challenges. The result: In 2022, the company discontinued the browser, and in 2023, it was even deleted from PCs via an update.
Nevertheless, the old browser has survived in the form of a special mode within Microsoft Edge. This allows users to load websites with the classic Explorer. This is beneficial for so-called legacy programs that rely on old technologies to function properly, such as Flash or ActiveX. The compatibility mode for Internet Explorer is helpful for applications used by companies or government agencies, where modernization occurs very slowly and is often impractical.
Users can open the mode for predetermined websites, complete their tasks, and then return to the Edge interface.
How Internet Explorer Becomes a Security Vulnerability
The Microsoft Edge security team has acknowledged in a new post that Internet Explorer has become a security vulnerability because it was not developed with the robust architecture and modern security measures of current browsers.
In fact, new reports have been received that cybercriminals have been exploiting vulnerabilities within the Internet Explorer mode since August. Specifically, there are unresolved issues in the old JavaScript engine Chakra. Combined with social engineering, perpetrators gain access to the devices of targeted individuals.
Criminals trick their victims into navigating to a legitimate-looking but fake website. There, they are prompted to reload the page in Internet Explorer, bypassing many of Edge’s security standards. The perpetrators can then execute malicious code through the Java security vulnerability and subsequently gain full control over the device through a second exploit.
Major Security Flaw in Google Chrome: Update Urgently Needed
What Google’s Advertising Cookie Phase-Out Means for Users
How Microsoft Responds
Since Internet Explorer poses a security risk, Microsoft has quickly removed the most dangerous access points when loading a webpage in the associated mode. These include the toolbar button, the context menu, and items in the so-called hamburger menu. This measure applies to corporate use.
When and if the company will close the remaining security gaps in Internet Explorer remains unclear. Microsoft strongly advises moving away from legacy programs as quickly as possible and transitioning to modern, safer environments.
Activate Internet Explorer for Private Use Individually
Individuals who wish to continue using Explorer privately must now explicitly activate it for each individual site. Microsoft provides the following steps:
- Go to “Settings” and then to “Default browser.”
- Find the option “Allow sites to be reloaded in Internet Explorer mode” and set it to “Allow.”
- After enabling this setting, add the specific website(s) requiring IE compatibility to the list of sites in Internet Explorer mode.
- Reload the website; it should now open in IE mode with the required compatibility.