In its security updates Patch TuesdayThe Microsoft has added a new option to Windows that allows system administrators to disable JScript in Internet Explorer.
The JScript scripting engine is an old element that was first included in Internet Explorer 3.0 in 1996 and in the Microsoft dialect for the ECMAScript standard (JavaScript language).
During the duration years ago, malicious users realized that they could attack JScript since Microsoft did not update it often.
The CVE-2018-8653, CVE-2019-1367, CVE-2019-1429 and CVE-2020-0674 are some of them recently 0day for JScript that Microsoft has faced in the past three years.
Now, 11 years later, Microsoft is finally giving system administrators a way to disable JScript by default.
According to Microsoft, the Patch Tuesday October 2020 brings new keys to the Windows registry that system administrators can change to block the jscript.dll file.
How can this happen:
Open run with search, and type regedt32 or regedit.
To turn off JScript in Internet Zone, you need to find the following key in Registry Editor:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 3 \ 140D
Locate the following subkey in Registry Editor:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 4 \ 140D
Right-click the registry subkey, and then click Modify.
In Editing prices DWORD (32-bit), type 3.
Click OK, and then restart Internet Explorer.