New Update After killing MSDT, Microsoft looks to add VBScript removal in Windows 11 23H2 (Moment 4)

[Gandalf_The_Grey]

Right at the end of February, Microsoft rolled out its Moment 2 update (KB5022913) and as one would expect from such a major release, the changelog was massive, detailing lots of smaller improvements and fixes. Following that, the Beta channel has moved into the new build 22624 territory (KB5023011), which means Beta users have now begun receiving Moment 3 features.

Meanwhile, over on the Dev channel, Windows Insiders are getting a taste of features and changes that should be in the Moment 4 Update. It is expected that Moment 4 will release in the second half of 2023 and will be the Windows 11 version 23H2 feature update. The latest Dev build 25309 brings in many big changes, including a move to WinUI 3 from WinUI 2, a new OOBE, and many more improvements. The previously leaked volume mixer is also available now.

Aside from these announced features, build 25309 also has some unannounced features too, one of which happens to be the option to uninstall VBScript. The uninstall option also cautions users about the security vulnerabilities of VBScript.

VBScript or Visual Basic Script is a legacy active scripting language and engine that has been exploited several times to spread malware, which led Microsoft to disable it inside Internet Explorer. Overall, it looks like Microsoft is trying to make the next gen Windows 11 more secure, seeing how it follows the recent official announcement of the MSDT deprecation.

After killing MSDT, Microsoft looks to add VBScript removal in Windows 11 23H2 (Moment 4)

Microsoft recently deprecated MSDT to make Windows 11 more secure, because threat actors exploited it for nefarious reasons. Following that, the company is now adding an option to uninstall VBScipt.

www.neowin.net

 

[ForgottenSeer 98186]

Aside from these announced features, build 25309 also has some unannounced features too, one of which happens to be the option to uninstall VBScript. The uninstall option also cautions users about the security vulnerabilities of VBScript.

VBScript or Visual Basic Script is a legacy active scripting language and engine that has been exploited several times to spread malware, which led Microsoft to disable it inside Internet Explorer. Overall, it looks like Microsoft is trying to make the next gen Windows 11 more secure, seeing how it follows the recent official announcement of the MSDT deprecation.

It's dead Jim! It's dead!

But it is much more secure to simply disable Windows Scripting Host because it can still execute .js, .jse, .wsf, .wsh scripts.

Microsoft has offered the option to disable wscript.exe on any version or edition of Windows for years by setting these two registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\

Create (if it doesn't exist already) a new REG_DWORD key, call it Enabled and assign a value of 0 (zero) to it.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\

Create (if it doesn't exist already) a new REG_DWORD key, call it Enabled and assign a value of 0 (zero) to it.

 

[TairikuOkami]

Microsoft looks to add VBScript removal in Windows 11 23H2​

About time, I disable it since XP. Now, lets re-evaluate PowerShell 2.0, Constrained Language does not help much, if malware can fall back to PS 2.0

But it is much more secure to simply disable Windows Scripting Host because it can still execute .js, .jse, .wsf, .wsh scripts.

To disable WSH on x64, you are supposed to use WOW6432Node as well, but I also use DisallowRun, just to be sure.

reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\WOW6432Node\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "11" /t REG_SZ /d "cscript.exe" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "50" /t REG_SZ /d "wscript.exe" /f

 

[ForgottenSeer 98186]

To disable WSH on x64, you are supposed to use WOW6432Node as well, but I also use DisallowRun, just to be sure.

The above 2 keys block sysnative (SysWOW64) abuse of wscript and cscript.

Perhaps there is a way to circumvent it via runspace or namespace trickery. It's possible. So your additional rules might patch that trickery. You are doubly-insured.

 

[Zero Knowledge]

Goodbye and good riddance! MS needs to get rid of a lot of junk left over from years past!

 

[ForgottenSeer 98186]

Now, lets re-evaluate PowerShell 2.0, Constrained Language does not help much, if malware can fall back to PS 2.0

It is ridiculous that Microsoft still ships Windows with PowerShell version 2.0 enabled by default.

PoSh 2.0 is a perfect example of Microsoft saying something is "deprecated" but then does not remove it.