In October 2020, Tuesday, with security patch updates, Microsoft has attached a new alternative to Windows to allow the system administrators to impair the JScript element present inside Internet Explorer.
However, the JScript is a legacy Microsoft execution of the ECMAScript language spec in an Active Scripting engine. The JScript scripting transformer is an old element that was originally combined with Internet Explorer 3.0 in 1996 and was Microsoft’s own language of the ECMAScript standard.
According to Microsoft Report, adding an option to impair JScript’s execution is a significant security enhancement. As it enables the IT admins to implement their users with a safe and secure browsing experience over enterprise environments where IE11 is still the web browser of opportunities for legacy software solutions.
Manually edit the registry and disable JScript execution in IE for Internet Zone
However, if the user wants to edit the registry and impair their JScript implementation in the Internet Explorer for the Internet region, then they must follow the steps that we have mentioned below:-
- Initially, tap the Start button, now tap Run, keyboard regedt32, or regedit, and after that, click Ok.
- Now to impair JScript execution in Internet Zone, place the following registry subkey in Registry Editor:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZones3140D
- And to impair JScript execution in Restricted Sites Zone, place the following registry subkey in Registry Editor:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZones4140D
- After that, right-click the relevant registry subkey, and then tap the Modify.
- Now in the Edit DWORD (32-bit) Value dialog box, type 3.
- Lastly, tap OK, and then restart the IE.
Manually edit the registry and disable JScript execution in IE for Restricted Sites Zone
Now, if the user wants to edit the registry and impair the JScript in Internet Explorer for Restricted Sites area, then they must follow the step that we have mentioned below:-
- At first, tap the Start button, now click Run, type regedt32 or regedit, and then tap Ok.
- Now to impair the competed application, determine the following registry subkey in Registry Editor:
HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftWindowsCurrentVersionInternet SettingsZones3140D
- After that, create a registry value of type DWORD and name it EnableJScriptMitigation, in an appropriate subfolder.
- Now go to the Edit DWORD (32-bit) Value dialog box and type 1.
- Finally, now click on “Ok”, that’s it.
Scripts from MSXML
Users must have the Monthly Rollup (MR) or both the Security-Only (SO) update and the Internet Explorer Cumulative Update (IECU) to use the feature MSXML if they are operating Windows 8 or Windows 8.1.
Moreover, to enable the feature by utilizing a feature control key, the user must also modify the registry keys to restrict JScript from being loaded via MSXML. Some steps are to be followed to perform restrict JScript from accomplishing the scripts from MSXML3 and MSXML6:
- Tap the Start button, click Run, and type regedt32 or regedit; after that, click Ok.
- To impair the script execution by MSXML3 and MSXML6, place the following registry subkey in Registry Editor:
In the case of x86-based devices
- For MSXML3: HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSXML30
- For MSXML6: HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSXML60
In the case of x64-based devices
- For MSXML3: HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftMSXML30
- For MSXML6: HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftMSXML60
- Now, create a suitable subfolder, build a registry value of type DWORD and mention it EnableJScriptMitigation.
- After that, in the Edit DWORD (32-bit) Value dialog box, type 1.
- Then click, Ok.
Mitigations
Once the setting is applied, the Internet Explorer will not operate the JScript from websites that utilize Internet Explorer’s legacy document methods, in the Internet Zone or Restricted Sites Zone.
However, to recover the JScript execution in a Security Zone, fix the identical registry subkey to 0, and then restart the IE (Internet Explorer).
Before you put in these settings when you operate Windows 8, Windows 8.1, Windows 10 (version 1507), Windows 10 (version 1703), or Windows 10 (version 1709) on your device, the feature must be allowed by an Internet feature control key.
For further instructions about configuring a feature control key, simply check the Internet Feature Control Keys problem on the Microsoft Docs website.
However, Microsoft will remain to implement all security updates for JScript through the latest increasing updates for Windows 10, and Collective Updates for IE (Internet Explorer) 11 or Monthly updates for the Windows 8.1, Windows Embedded 8 Standard, and Windows Server 2012.
You can follow us on Linkedin, Twitter, Facebook for daily Cyber security and hacking news updates.
