After the October 2020 patch, Microsoft has added the option to windows that let system admins disable the JScript element inside the Internet Explorer.
The JScript scripting engine is an old segment that was originally incorporated with Internet Explorer 3.0 in 1996 and was Microsoft’s own language specification in the form of an Active Scripting engine.
With the release of Internet Explorer 8.0 in 2009, development on the JScript engine ended, and the component was depreciated. However, the engine prevailed in all Windows OS versions as a legacy component inside IE.
Over the years, malicious actors recognized that they could target the JScript engine, as Microsoft wasn’t regularly developing it and just occasionally shipped security updates, only while been attacked by malicious actors.
A few of the recent JScript zero-days that Microsoft had to cope with within the last three years are— CVE-2018-8653, CVE-2019-1367, CVE-2019-1429, and CVE-2020-0674.
Now, 11 years following depreciating the component, Microsoft is eventually offering system administrators a means to disable JScript execution by default on internet explorer.
How to Disable JScript on Internet Explorer
Specifications on how this can be done are available below, as taken from Microsoft’s documentation.
- Click on Start, then click Run, and type regedt32 or regedit, and then click Ok.
- In order to disable JScript execution in Internet Zone, find the following registry subkey in Registry Editor:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\140D
In order to disable JScript execution in Restricted Sites Zone, find the following registry subkey in Registry Editor:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\140D - Right-click the associated registry subkey, and then click Modify.
- In the Edit DWORD (32-bit) Value dialog box, then type 3.
- Click OK, and then restart the Internet Explorer.
After successfully doing this, the Internet Explorer will no longer execute JScript from sites utilizing IE legacy document modes (IE9 and earlier versions), and also those that are in the Restricted Sites Zone or Internet Zone.
To re-enable JScript execution for one or both security zones, you will need to set the value of the corresponding registry subkey to 0 and also will require to restart Internet Explorer for the changes to take effect.
Are you looking for more security updates? Subscribe to our Newsletter for the latest security news and latest software news right from the security and research industries. If you have any doubts, queries, or suggestions, please comment below in the comment box.