Microsoft Adds Option To Disable JScript In Internet Explorer (zdnet.com) 21

Posted by BeauHD on Monday October 19, 2020 @05:40PM from the it's-about-time dept.

As part of the October 2020 Patch Tuesday security updates, Microsoft has added a new option to Windows to let system administrators disable the JScript component inside Internet Explorer. ZDNet reports: The JScript scripting engine is an old component that was initially included with Internet Explorer 3.0 in 1996 and was Microsoft's own dialect of the ECMAScript standard (the JavaScript language). Development on the JScript engine ended, and the component was deprecated with the release of Internet Explorer 8.0 in 2009, but the engine remained in all Windows OS versions as a legacy component inside IE. Across the years, threat actors realized they could attack the JScript engine, as Microsoft wasn't actively developing it and only rarely shipped security updates, usually only when attacked by threat actors. [...]

Now, 11 years after deprecating the component, Microsoft is finally giving system administrators a way to disable JScript execution by default. According to Microsoft, the October 2020 Patch Tuesday introduces new registry keys that system administrators can apply and block the jscript.dll file from executing code. Details on how this can be done are available below, as taken from Microsoft's documentation.

Microsoft Adds Option To Disable JScript In Internet Explorer

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 21 Comments Log In/Create an Account

Comments Filter:

- Re: (Score:1)
  
  by Tablizer ( 95088 ) writes:
  
  Yes, because the people who pay us use and know Microsoft. It's not a good thing, but you see, I do like receiving paychecks.
  - Re: (Score:2)
    
    by Tough Love ( 215404 ) writes:
    
    The technical word for that is "hell".
Now they can disclaim responsibility (Score:1)

by joshuakendrik ( 5704452 ) writes:

Now of course, if you get hacked, attacked, cracked, or fracked it's the user/admin fault for not turning off JScript in the POS Internet Explorer JS component. But it took GM forever to put a stabilizer bar on the Corvair, or Ford a long time a roll-over valve on the Pinto, or Intel to recall and replace for free the Pentium processor. Better wait than never. Yet there are some genius assclowns that still either require or force Windows users to use Internet Exploder.
Block the file? (Score:3)

by DontBeAMoran ( 4843879 ) writes: on Monday October 19, 2020 @06:56PM (#60626702)

According to Microsoft, the October 2020 Patch Tuesday introduces new registry keys that system administrators can apply and block the jscript.dll file from executing code.
Can't you just delete that jscript.dll file?

- Re: (Score:2)
  
  by Ronin441 ( 89631 ) writes:
  
  (a) Yes, but this is a system administrator thing — you'd have to delete it on each machine;
  (b) yes, but the next security update that affected IE would likely put it back.
- Re: (Score:2)
  
  by hcs_$reboot ( 1536101 ) writes:
  
  It'll be back at the next update...
Why would they still use IE? (Score:2)

by OneHundredAndTen ( 1523865 ) writes:

Are there any websites left that only work with IE?
- Re: (Score:2)
  
  by Merk42 ( 1906718 ) writes:
  
  Proprietary internal-only admin pages built during the dotcom bubble.
- Re: (Score:2)
  
  by krakelohm ( 830589 ) writes:
  
  unfortunately one of the largest automotive software providers makes us use Internet Explorer 11 for some software, then some is chrome only. The stuff that doesnt work in Chrome, well use Firefox. Its a hodgepodge of different software from the 60's, 80's, 90's and such. On don't forget you get the privilege of paying tens of thousands of dollars a month for this "suite". Its redonculous.
- Re: (Score:2)
  
  by ssyladin ( 458003 ) writes:
  
  God I hope it has changed, but I talked with a good friend consultant of mine who did work for a nuclear frigging power plant. The control room display system runs on ActiveX controls in IE. .. I was going to add more info, but I think that just about sums up everything.
- Re: (Score:2)
  
  by account_deleted ( 4530225 ) writes:
  
  Comment removed based on user account deletion
It should be opt in (Score:1)

by Anonymous Coward writes:

Why do administrators have to disable it? It should be the other way around; JScript should be disabled by default and administrators should have to specifically allow it.
Tangent land: disable 3rd party scripts (Score:2)

by schwit1 ( 797399 ) writes:

Browsers permit disabling 3rd party cookies. Why not permit disabling all or some parts from a 3rd party?
Because I go to yahoo.com why should I have to trust the two dozen 3rd parties that yahoo partners with?
Yes, I understand this would break things. Welcome to the internet. Change does that.
Senseless (Score:2)

by drinkypoo ( 153816 ) writes:

If you want to be protected from Aieeee! then you just disable it completely with group policy. The only reason not to do so is if you need it for some special site that won't make itself standards-compliant. But if you need it for that, you probably need javascript as well...

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Microsoft Adds Option To Disable JScript In Internet Explorer (zdnet.com) 21

Microsoft Adds Option To Disable JScript In Internet Explorer More Login

Microsoft Adds Option To Disable JScript In Internet Explorer

Re: (Score:1)

Re: (Score:2)

Now they can disclaim responsibility (Score:1)

Block the file? (Score:3)

Re: (Score:2)

Re: (Score:2)

Why would they still use IE? (Score:2)

Re: (Score:2)

Re: (Score:2)

Re: (Score:2)

Re: (Score:2)

It should be opt in (Score:1)

Tangent land: disable 3rd party scripts (Score:2)

Senseless (Score:2)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot