At security updates of Patch Tuesday, Microsoft added a new option to Windows that allows system administrators to disable the JScript component on the Internet Explore.
The JScript scripting engine is an old component originally included in the Internet Explorer 3.0 in 1996 and in Microsoft's dialect of the ECMAScript standard (the JavaScript language).
Over the years, malicious users have realized that they could attack JScript, as Microsoft did not update it frequently.
The CVE-2018-8653, CVE-2019-1367, CVE-2019-1429 and CVE-2020-0674 are some of the recent 0days for JScript that Microsoft has encountered over the past three years.
Now, 11 years later, Microsoft is finally giving system administrators a way to disable JScript by default.
According to Microsoft, the Patch Tuesday October 2020 brings new keys to the Windows registry that system administrators can change to block the jscript.dll file.
How can this happen:
Open run with search, and type regedt32 or regedit.
To turn off JScript in Internet Zone, you need to find the following key in Registry Editor:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 3 \ 140D
Locate the following subkey in Registry Editor:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 4 \ 140D
Right-click the registry subkey, and then click Modify.
In the Edit DWORD Value (32-bit), enter 3.
Click on button OK and then restart Internet Explorer.