Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later.
The decision is driven by security concerns, as JScript9Legacy is expected to offer better protection against web threats, such as cross-site scripting (XSS), and also improved performance.
"To provide a more secure experience, beginning with Windows 11, version 24H2, JScript9Legacy is enabled by default to handle all scripting processes and operations that previously used JScript," announced Microsoft's Naveen Shankar.
JScript (jscript.dll), introduced in 1996, is Microsoft's implementation of ECMAScript, similar to JavaScript, and was primarily used in Internet Explorer and as a scripting language for Windows to automate tasks, validate forms, or create admin scripts.
The engine is considered severely outdated today, non-compliant with modern JavaScript security standards, and a frequent target of memory corruption, arbitrary code execution, and XSS vulnerabilities triggered through malicious documents, emails, and websites.
Despite its status, it remained the default engine on Windows until now to ensure backward compatibility and avoid breaking workflows in critical systems.
But with Internet Explorer now deprecated and increased adoption of Edge browser, Microsoft is drawing the line and finally replaces JScript with JScript9Legacy (jscript9legacy.dll) starting Windows 11 24H2.
The new engine is a modernized version of JScript9, which can be used outside the browser, and is designed to support legacy scripting needs with better security and compatibility.
No user action is required for the switch to take effect on the latest Windows version, and existing scripts should continue to work as expected.
If compatibility issues arise, Microsoft says a rollback to the old engine is possible by contacting the support team.
8 Common Threats in 2025
While cloud attacks may be growing more sophisticated, attackers still succeed with surprisingly simple techniques.
Drawing from Wiz's detections across thousands of organizations, this report reveals 8 key techniques used by cloud-fluent threat actors.
Related Articles:
Microsoft fixes ‘Print to PDF’ feature broken by Windows update
Microsoft fixes known issue that breaks Windows 11 updates
Windows 11 KB5060842 and KB5060999 cumulative updates released
Microsoft asks users to ignore Windows Firewall config errors
Windows 11 KB5060829 update released with 38 new changes, fixes
Original Article Published at Bleeping Computer
________________________________________________________________________________________________________________________________
