Microsoft has recently announced its plans to retire VBScript in future releases of Windows [1]. This decision is aimed at enhancing security and preventing the delivery of malware.
Description
In 2019 [3], Microsoft disabled VBScript by default in Internet Explorer [3], and now it will be completely removed from Windows [3]. The main reason behind this move is that VBScript is considered a legacy scripting language with declining usage and potential security concerns. Microsoft recommends migrating to more modern and secure Windows-supported scripting languages like PowerShell [4]. Users will have the option to use VBScript until it is completely removed from the operating system [5], as Microsoft plans to make it available on request as an on-demand feature [5].
It is worth noting that VBScript has been exploited by threat actors to run malicious scripts on Windows machines, especially after Microsoft’s decision to block macros by default [2]. Notable examples of malware that have utilized VBScript include the “ILoveYou” worm from 2000 [2], as well as more recent threats like Emotet [2], QakBot [2], and Dark Gate [2].
While Microsoft has not provided a specific timeline for the full removal of VBScript [2], they have stated that the feature will be preinstalled to allow for uninterrupted use during the transition period [2]. In addition to deprecating VBScript, Microsoft has also phased out other features like WordPad and Cortana.
Conclusion
The retirement of VBScript by Microsoft will have significant impacts on the security of Windows systems. By removing this legacy scripting language, Microsoft aims to enhance security and prevent the delivery of malware [5]. Users are encouraged to migrate to more modern and secure scripting languages like PowerShell. The availability of VBScript as an on-demand feature until its complete removal provides a transition period for users. It is important to note that VBScript has been exploited by threat actors in the past, highlighting the need for this retirement. Microsoft’s decision to phase out other features like WordPad and Cortana further demonstrates their commitment to improving the overall security and functionality of Windows.
References
[1] https://beamstart.com/news/microsoft-is-deprecating-vbscript-in-1697022078280
[2] https://www.darkreading.com/cloud/microsoft-retire-vbscript-cybercrime-chagrin
[3] https://news.thewindowsclub.com/microsoft-to-kill-vbscript-in-windows-108458/
[4] https://www.onmsft.com/news/after-27-years-of-its-existence-microsoft-deprecates-vbscript-for-windows-11-and-10/
[5] https://www.anoopcnair.com/microsoft-planning-remove-vbscript-from-windows/
