Microsoft is phasing out VBScript in Windows to improve security

Martin Brinkmann
Oct 11, 2023
Security, Windows 11 News
|
0

Microsoft announced plans to deprecate Visual Basic Script (VBScript) support in its Windows operating system. The company introduced VBScript, which is modeled on Visual Basic, in 1996. Web developers were the initial target of the scripting language, but it soon gained popularity with Windows administrators. Administrators used VBScript to automate tasks on Windows. Malware developers started to use the scripting language as well in their attacks, for instance to infect systems with the infamous I Love You worm.

Microsoft included VBScript in Internet Explorer, its first major web browser. Internet Explorer is no longer supported in most versions of Windows and Microsoft disabled VBScript in IE some time ago as well.. VBScript itself has been pushed aside by Microsoft's .NET framework and it has been supported with bug fixes and security fixes only for a long time.

The deprecation message on Microsoft's website provides the following information: "VBScript is being deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system."

Microsoft doesn't provide a timeline at this point. VBScript is turned into an optional feature for Windows in "future releases" and it will continue to be enabled by default in the beginning. Eventually, Microsoft will flip a switch to make VBScript an optional component that is no longer enabled by default before removing the functionality entirely from Windows.

Windows administrators may list optional features in the Settings app. An easy way to get there is to open Start, type optional features and select the manage optional features item that is returned. Windows lists all optional feature that are installed on the page. The "add a feature" button displays all available features that are not installed at the time.

Disabling VBScript removes the attack vector

Microsoft offers no reason for disabling VBScript. Clearly, deprecation VBScript will improve security as attackers can't use .vbs scripts anymore in their attacks. While there are plenty of alternatives available, plugging one attack vector is better than nothing.

Bleeping Computer, which discovered the information, also believe that Microsoft is doing this primarily to improve security. VBScript is still used in malware attacks up to this day.

Once VBSCript is added to the optional features, Windows users may disable the feature in the Settings app. An option to disable the Windows Scripting Host to block .vbs malware is also available already.

Summary
Article Name
Microsoft is phasing out VBScript in Windows to improve security
Description
Microsoft announced plans to deprecate Visual Basic Script (VBScript) support in its Windows operating system.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.