11 August 19, 10:06
Quote:Continue Reading
Microsoft announced plans in 2017 to disable VBScript in Internet Explorer 11; the company deprecated the feature but kept it alive for certain environments back then to give organizations enough time to migrate resources that use VBScript to other technologies.
VBScript, which was introduced by Microsoft more than two decades ago, is an active scripting language that is modeled on Visual Basic.
It came to some fame in 2000 when a computer worm known as the I Love You or Love Letter Virus, used it to infect systems. Users would get emails with the subject linke ILOVEYOU and an attachment LOVE-LETTER-FOR-YOU.txt.vbs. Users who opened the attachment would infect their machines with the worm.
One of the problems back then was that Windows hid the actual extension of the attachment so that many Windows users believed that it was a harmless text file.
Infected PCs would send emails using the contacts list to spread to other machines. It would furthermore configure Windows to launch itself on start of the system and modify data in computer files.
Microsoft recommended that Microsoft Internet Explorer users disable VBScript in the browser for the Internet Zone and Restricted Sizes Zone to protect the browser against attacks targeting VBScript.
Administrators and users had to disable VBScript in Internet Explorer manually at the time.
The July 2019 cumulative updates for Windows 10 disabled VBScript by default on machines running Windows 10. The coming August 2019 cumulative updates for Windows 7 Service Pack 1, Windows 8, and Windows 8.1, will do the same on these machines.