Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
The Internet Microsoft Security

Microsoft Adds Option To Disable JScript In Internet Explorer (zdnet.com) 21

As part of the October 2020 Patch Tuesday security updates, Microsoft has added a new option to Windows to let system administrators disable the JScript component inside Internet Explorer. ZDNet reports: The JScript scripting engine is an old component that was initially included with Internet Explorer 3.0 in 1996 and was Microsoft's own dialect of the ECMAScript standard (the JavaScript language). Development on the JScript engine ended, and the component was deprecated with the release of Internet Explorer 8.0 in 2009, but the engine remained in all Windows OS versions as a legacy component inside IE. Across the years, threat actors realized they could attack the JScript engine, as Microsoft wasn't actively developing it and only rarely shipped security updates, usually only when attacked by threat actors. [...]

Now, 11 years after deprecating the component, Microsoft is finally giving system administrators a way to disable JScript execution by default. According to Microsoft, the October 2020 Patch Tuesday introduces new registry keys that system administrators can apply and block the jscript.dll file from executing code. Details on how this can be done are available below, as taken from Microsoft's documentation.

This discussion has been archived. No new comments can be posted.

Microsoft Adds Option To Disable JScript In Internet Explorer

Comments Filter:
  • Now of course, if you get hacked, attacked, cracked, or fracked it's the user/admin fault for not turning off JScript in the POS Internet Explorer JS component. But it took GM forever to put a stabilizer bar on the Corvair, or Ford a long time a roll-over valve on the Pinto, or Intel to recall and replace for free the Pentium processor. Better wait than never. Yet there are some genius assclowns that still either require or force Windows users to use Internet Exploder.
  • by DontBeAMoran ( 4843879 ) on Monday October 19, 2020 @06:56PM (#60626702)

    According to Microsoft, the October 2020 Patch Tuesday introduces new registry keys that system administrators can apply and block the jscript.dll file from executing code.

    Can't you just delete that jscript.dll file?

    • by Ronin441 ( 89631 )

      (a) Yes, but this is a system administrator thing — you'd have to delete it on each machine;

      (b) yes, but the next security update that affected IE would likely put it back.

    • It'll be back at the next update...
  • Are there any websites left that only work with IE?
    • by Merk42 ( 1906718 )
      Proprietary internal-only admin pages built during the dotcom bubble.
    • unfortunately one of the largest automotive software providers makes us use Internet Explorer 11 for some software, then some is chrome only. The stuff that doesnt work in Chrome, well use Firefox. Its a hodgepodge of different software from the 60's, 80's, 90's and such. On don't forget you get the privilege of paying tens of thousands of dollars a month for this "suite". Its redonculous.
    • God I hope it has changed, but I talked with a good friend consultant of mine who did work for a nuclear frigging power plant. The control room display system runs on ActiveX controls in IE. .. I was going to add more info, but I think that just about sums up everything.

    • Comment removed based on user account deletion
  • by Anonymous Coward
    Why do administrators have to disable it? It should be the other way around; JScript should be disabled by default and administrators should have to specifically allow it.
  • Browsers permit disabling 3rd party cookies. Why not permit disabling all or some parts from a 3rd party?

    Because I go to yahoo.com why should I have to trust the two dozen 3rd parties that yahoo partners with?

    Yes, I understand this would break things. Welcome to the internet. Change does that.

  • If you want to be protected from Aieeee! then you just disable it completely with group policy. The only reason not to do so is if you need it for some special site that won't make itself standards-compliant. But if you need it for that, you probably need javascript as well...

Technology is dominated by those who manage what they do not understand.

Working...