How much time is left for users to adapt their systems?
Microsoft plans to gradually eliminate the use of the VBScript scripting language (Visual Basic Script) in the Windows operating system. This process will unfold in three stages, starting in the second half of 2024.
At the first stage, in the upcoming version of Windows 11 24H2, which is scheduled for release at the end of this year, VBScript support will be transferred to the category of additional components (Feature on Demand, FOD). Optional components such as .NET Framework, Hyper-V, the Windows Subsystem for Linux, is not installed by default, but can be added at the user's request.
"Over time, more modern and functional programming languages have emerged, such as JavaScript and PowerShell, which are better suited for developing web applications and automating tasks," said Navin Shankar, Microsoft Program Manager.
At the second stage, approximately in 2027, VBScript will still be listed in additional components, but it will no longer be pre-installed in Windows.
Finally, as part of the third final phase of decommissioning, VBScript will finally disappear from future builds of Windows. All associated dynamic libraries (. dll files) will be completely deleted, and projects that use this language will no longer function.
The VBScript language, which appeared 30 years ago with the Internet Explorer browser, was designed to automate tasks and manage applications through the Windows Script shell. However, over time, attackers began to actively use it as a tool for spreading malware, such as Lokibot, Emotet, Qbot and the recently discovered DarkGate viruses.
The decommissioning of VBScript is part of Microsoft's larger strategy to eliminate Windows and Office components that can serve as attack vectors and help infect user systems with malware. Previously, the company has already disabled VBScript by default in Internet Explorer 11 for Windows 10, banned the use of Excel 4.0 macros (XLM), introduced mandatory blocking of VBA macros in the office suite, implemented protection against XLM macros, and started blocking unwanted XLL add-ons for Microsoft 365 customers around the world.
These measures date back to 2018, when Microsoft extended support for its own anti-virus scanning interface (AMSI) to Office 365 client applications, thereby limiting attacks using Office VBA macros.
Microsoft plans to gradually eliminate the use of the VBScript scripting language (Visual Basic Script) in the Windows operating system. This process will unfold in three stages, starting in the second half of 2024.
At the first stage, in the upcoming version of Windows 11 24H2, which is scheduled for release at the end of this year, VBScript support will be transferred to the category of additional components (Feature on Demand, FOD). Optional components such as .NET Framework, Hyper-V, the Windows Subsystem for Linux, is not installed by default, but can be added at the user's request.
"Over time, more modern and functional programming languages have emerged, such as JavaScript and PowerShell, which are better suited for developing web applications and automating tasks," said Navin Shankar, Microsoft Program Manager.
At the second stage, approximately in 2027, VBScript will still be listed in additional components, but it will no longer be pre-installed in Windows.
Finally, as part of the third final phase of decommissioning, VBScript will finally disappear from future builds of Windows. All associated dynamic libraries (. dll files) will be completely deleted, and projects that use this language will no longer function.
The VBScript language, which appeared 30 years ago with the Internet Explorer browser, was designed to automate tasks and manage applications through the Windows Script shell. However, over time, attackers began to actively use it as a tool for spreading malware, such as Lokibot, Emotet, Qbot and the recently discovered DarkGate viruses.
The decommissioning of VBScript is part of Microsoft's larger strategy to eliminate Windows and Office components that can serve as attack vectors and help infect user systems with malware. Previously, the company has already disabled VBScript by default in Internet Explorer 11 for Windows 10, banned the use of Excel 4.0 macros (XLM), introduced mandatory blocking of VBA macros in the office suite, implemented protection against XLM macros, and started blocking unwanted XLL add-ons for Microsoft 365 customers around the world.
These measures date back to 2018, when Microsoft extended support for its own anti-virus scanning interface (AMSI) to Office 365 client applications, thereby limiting attacks using Office VBA macros.
