You can now disable JScript execution in Internet Explorer - gHacks Tech News

ADVERTISEMENT

You can now disable JScript execution in Internet Explorer

Internet Explorer is not a huge priority anymore at Microsoft but the latest version of the web browser is still maintained by Microsoft and security patches do get released regularly.  Each month, security updates are released that should be installed even if Internet Explorer is not used at all or rarely used.

Microsoft introduced an option on the October 2020 Patch Day for its products to disable the JScript component of the company's Internet Explorer browser; this is done to improve overall security according to Microsoft. The option has been implemented with organizations in mind, but nothing is keeping home Windows administrators from disabling the feature on their devices as well.

Microsoft's Benjamin Soon provides some insight on Microsoft's decision on the company's Tech Community website:

Jscript is a legacy Microsoft implementation of the ECMA 262 language specification. Blocking Jscript helps protect against malicious actors targeting the JScript scripting engine while maintaining user productivity as core services continue to function as usual.

Microsoft recommends that JScript is disabled in the Internet and Restricted Zones. The process requires Registry edits and on older systems the configuration of a feature control key.

internet explorer disable jscript

Devices with Windows 10 version 1803 or later support the new Registry values out of the box. Here is how you restrict JScript execution in Internet Explorer, JScript from executing scripts for emulated applications, and JScript from executing scripts from MXSML3 and MSXML6.

  1. Use Windows-R to open the run box.
  2. Typ regedit and hit OK.
  3. Confirm the UAC prompt.
  4. Disabling JScript execution in the Internet Zone:
    1. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
    2. Right-click on 140D and select Modify.
    3. Change the value to 3.
    4. Select OK
  5. Disabling JScript execution in Restricted Sites Zone:
    1. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\
    2. Right-click on 140D and select Modify.
    3. Change the value to 3.
    4. Select OK
  6. Restrict JScript from executing scripts from emulated applications:
    1. HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
    2. Right-click on 140D and select New > Dword (32-bit) Value.
    3. Name it EnableJScriptMitigation.
    4. Set its value to 1.
    5. Click ok.
  7. Restrict MSXML3 and MSXML6 script execution:
    1. MSXML3 on 32-bit system: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSXML30
    2. MSXML6 on 32-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSXML60
    3. MSXML3 on 64-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSXML30
    4. MSXML6 on 64-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSXML60
    5. Right-click on the keys and select New > Dword (32-bit) Value.
    6. Name it EnableJScriptMitigation.
    7. Set its value to 1.
    8. Click ok.
  8. Restart Internet Explorer.

Internet Explorer won't run JScript from sites that use Internet Explorer's legacy document modes provided that the sites are in the Internet Zone or Restricted Sites Zone. Additionally, if you set the keys under 6) and 67 above, JScript cannot be executing scripts from emulated applications or from MSXML3 and MSXML6.

You can check out Microsoft's support article for additional details.

Summary
You can now disable JScript execution in Internet Explorer
Article Name
You can now disable JScript execution in Internet Explorer
Description
Find out how to disable JScript execution in Internet Explorer on recent versions of Windows 10 to improve the overall security of the system.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. Yuliya said on October 20, 2020 at 10:06 pm
    Reply

    I’d just disable IE from “Windows Features”
    C:\Windows\System32\OptionalFeatures.exe
    Do note this will not affect any program requiring the Trident engine, like many VPN clients do, or certain Windows features.

  2. owl said on October 21, 2020 at 1:21 pm
    Reply

    In my opinion:
    From a privacy perspective, I avoid “Microsoft and Google services” in principle.
    Because that point of view, the function of “Internet Explorer” has been “disabled as much as possible” using W10Privacy etc., and “blocked” has been set in simplewall etc.
    https://www.w10privacy.de/english-home/instructions-1/
    https://www.henrypp.org/product/simplewall

    However, I referred to this topic and took “additional measures”.
    Thanks for the article.

  3. Anonymous said on October 23, 2020 at 6:32 pm
    Reply

    @Martin

    ”– security updates are released that should be installed even if Internet Explorer *is not used at all* –.”

    Can you explain that why these updates should be installed (Internet Explorer related)? Usually it is hard to know what is important so user should install all updates. Is that what you mean?

    1. Anonymous said on October 25, 2020 at 2:50 pm
      Reply

      @Martin Brinkmann or someone

      Maybe you don’t have time to answer or it is hard to find new comments because the structure of this forum, if someone else knows the answer it would help. Now it is only few comments however it is a difficult to follow new comments about old news. I did mean that a regular user should install genarally all updates or these particular updates have other effects.

      1. Tom Hawack said on October 26, 2020 at 12:40 pm
        Reply

        @Anonymous , there are two RSS feeds available for Ghacks,
        1- Article feeds : [https://www.ghacks.net/feed/]
        2- Comment feeds : [https://www.ghacks.net/comments/feed/]

        Comments feeds makes it easy to “follow new comments about old news.”. I’ve happened to acknowledge/reply to latest comments on old, even very old! articles.
        Of course you’ll need an RSS reader, either as an application either as a browser extension if your browser has none natively.

      2. Anonymous said on October 27, 2020 at 2:23 pm
        Reply

        @Tom Hawack

        Thank you for advice about RSS feed. I commented yesterday: ”Never mind” because Martin Brinkmann was busy or he didn’t notice my comments and I understood it. However he didn’t publish that proper comment.

      3. Anonymous said on October 26, 2020 at 6:04 pm
        Reply

        Never mind.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.