In its security updates Patch TuesdayThe Microsoft πρόσθεσε μια νέα επιλογή στα Windows που επιτρέπει στους διαχειριστές συστημάτων να απενεργοποιήσουν το στοιχείο JScript στον Internet Explore.
The JScript scripting engine is an old element that was first included in Internet Explorer 3.0 in 1996 and in the Microsoft dialect for the ECMAScript standard (JavaScript language).
Over the years, the villains users they realized they could attack JScript since Microsoft didn't update it often.
The CVE-2018-8653, CVE-2019-1367, CVE-2019-1429 and CVE-2020-0674 are some of the recent 0days for JScript that Microsoft has encountered over the past three years.
Now, 11 years later, Microsoft is finally giving system administrators a way to disable JScript by default.
According to Microsoft, Patch Tuesday October 2020 brings new keys to register of Windows that system administrators can change to block the jscript.dll file.
How can this happen:
Open run with search, and type regedt32 or regedit.
To turn off JScript in Internet Zone, you need to find the following key in Registry Editor:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 3 \ 140D
Locate the following subkey in Registry Editor:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 4 \ 140D
Right-click the registry subkey, and then click Modify.
In Edit DWORD (32-bit) value, type 3.
Click on button OK and then restart Internet Explorer.