In the October security update, Microsoft added an option that allows system administrators to disable the JScript component in Internet Explorer.
JScript was first supported in Internet Explorer 3.0. JScript development stopped after the Internet Explorer 8.0 release, but the engine remained in the OS as a legacy component inside IE. The original JScript is an Active Scripting engine.
Because Microsoft was no longer active on JScript, malicious attackers realised that they could attack the JScript engine, and over the past years threat actors actively exploited CVE-2018-8653, CVE-2019-1367, CVE-2019-1429, and CVE-2020-0674, the most recent JScript zero-days.
After Microsoft ships an emergency security patch, proof-of-concept code is also uploaded to GitHub, and these vulnerabilities go into the exploit bag of exploit developers.
Now Microsoft is finally giving system administrators a way to disable JScript execution in Internet Explorer by default.
In the October 2020 patch, Microsoft released registry keys that system admins can apply to block jscript.dll from executing code.
Here are the steps to disable JScript in Internet Explorer, as taken from Microsoft's documentation.
Step 1: Press Ctrl+R and type regedt32 or regedit, and then click OK.
Step 2: To disable JScript execution in Internet Zone locate the following registry subkey in Registry Editor:
Step 3: Right-click on the appropriate registry subkey, and then click Modify.
Step 4: In the appropriate subfolder, create a registry value of type DWORD and name it EnableJScriptMitigation.
Step 5: In the Edit DWORD (32-bit) Value dialog box, type 1.
Step 6: Click OK.
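To check the result of the steps above across machines instead of clicking through Registry Editor, the following added example (not taken from Microsoft's documentation) audits the EnableJScriptMitigation value and can optionally set it. The function name `Test-JScriptMitigation` is hypothetical, and `-SubKey` is a placeholder: this page does not list the subkey, so supply the one named in Microsoft's documentation.

```powershell
# Added example: audit (and optionally set) the EnableJScriptMitigation DWORD.
# Assumption: $SubKey is supplied by the admin; it is a PLACEHOLDER for the
# subkey given in Microsoft's documentation, which this page does not include.
function Test-JScriptMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SubKey,  # 'HKLM:\<subkey from Microsoft documentation>'
        [switch]$Apply                          # create or repair the value if it is not correct
    )
    $name  = 'EnableJScriptMitigation'
    $state = 'Missing'

    # Read the key without throwing if it does not exist yet.
    $key = Get-Item -LiteralPath $SubKey -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $name)) {
        $kind = $key.GetValueKind($name)
        $data = $key.GetValue($name)
        # The value must be a DWORD with data 1 (Steps 4 and 5); a string "1"
        # or a DWORD 0 looks similar in a quick glance but is not the setting.
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) { $state = "WrongType($kind)" }
        elseif ($data -ne 1)                                      { $state = "WrongData($data)" }
        else                                                      { $state = 'Enabled' }
    }

    if ($Apply -and $state -ne 'Enabled' -and
        $PSCmdlet.ShouldProcess("$SubKey\$name", 'Set DWORD to 1')) {
        if (-not $key) { New-Item -Path $SubKey -Force | Out-Null }
        New-ItemProperty -LiteralPath $SubKey -Name $name `
            -PropertyType DWord -Value 1 -Force | Out-Null
        $state = 'Enabled'
    }

    # One object per machine, suitable for Export-Csv or a compliance report.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        SubKey   = $SubKey
        Value    = $name
        State    = $state
    }
}

# Audit only:     Test-JScriptMitigation -SubKey $subKeyFromDocs
# Preview a fix:  Test-JScriptMitigation -SubKey $subKeyFromDocs -Apply -WhatIf
```

Writing under HKLM requires an elevated session; the audit path only reads the key.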