The Latest Cybersecurity Threats Affecting Microsoft Users

As attack vectors grow more sophisticated, hackers are finding new ways to exploit supply chains, cloud services, and human error. In the last week, Microsoft has identified two cybersecurity threats that could expose its customers to a data breach.
Microsoft Revamps Edge’s Internet Explorer Mode Following Active Exploitation Reports
Microsoft has overhauled the Internet Explorer (IE) mode in its Edge browser. After receiving credible reports back in August, the company has been quick-ish to respond to threat actors abusing the backward compatibility feature to gain unauthorised access to user devices.
According to a report from the Microsoft Browser Vulnerability Research team, attackers exploited unpatched zero-day vulnerabilities in Internet Explorer’s Chakra JavaScript engine.
Hackers then used social engineering tactics to compromise victims.
This type of cyber threat raises two questions IT managers need to answer.
1. Does our patch management strategy secure our entire IT infrastructure?
2. Do our staff know how to identify social engineering tactics used by hackers?
How Hackers Exploited Microsoft Users
Hackers engineered the cybersecurity threat by luring Microsoft users to a legitimate-looking website which featured a flyout prompt urging visitors to reload the page in IE mode.
However, the page that loaded in IE mode carried the attackers' exploit code.
Once reloaded, the attackers deployed an unspecified Chakra exploit to achieve remote code execution (RCE), followed by a privilege escalation exploit to break out of the browser sandbox and take full control of the affected system.
This technique is particularly troubling because it undermines the modern security architecture of Chromium-based browsers. By forcing Edge to operate in a less secure IE compatibility state, attackers effectively bypassed built-in safeguards, enabling malware installation, lateral movement across networks, and data exfiltration.
Microsoft has since implemented enhanced security measures and mitigations within Edge’s IE mode to prevent similar exploitation paths in the future.
Microsoft Patches 183 Security Flaws, Ends Standard Support for Windows 10
Yesterday, Microsoft released patches addressing 183 security vulnerabilities across its product suite.
The announcement coincides with the official end of standard support for Windows 10. Users will now only receive updates through the Extended Security Updates (ESU) program.
Whilst this appears to be a publicity stunt to convince businesses that are still using Windows 10 to buy a supported package, the news serves as a reminder that unsupported IT systems are vulnerable to cybersecurity threats.
Of the 183 vulnerabilities, Microsoft classified 165 as Important, 17 as Critical, and one as Moderate. Most issues involve elevation of privilege (84), followed by remote code execution (33), information disclosure (28), spoofing (14), denial-of-service (11), and security feature bypass (11).
Is Your IT System Protected Against Cybersecurity Threats?
Protecting your firm’s IT systems requires constant vigilance, proactive monitoring, and expert intervention.
Our team of cybersecurity specialists install effective defences to safeguard your IT infrastructure against cybersecurity threats. We use technologies that detect threats before they escalate, and ensure your employees remain resilient in the face of evolving digital risks.
With advanced protection, strategic guidance, and rapid response, MicroPro gives you the confidence that your systems—and your reputation—are secure.
Contact us to arrange a consultation with our management team.