Microsoft is killing off this Windows feature to stop it being hijacked for malware delivery
If you’re a fan of VBScript, we’ve got some bad news, as Microsoft has announced that future releases of Windows won’t include the scripting language, which will now only be available on demand.
“VBScript is becoming obsolete,” Microsoft said in one update message. “In future versions of Windows, VBScript will be available as an on-demand feature before it is removed from the operating system.”
VBScript, or Visual Basic Scripting Language, was first released in 1996 and was mainly used for task automation. The latest version, released in 2010, is 5.8, but struggled against a more powerful competitor PowerShell, released in 2006.
Malware vector
“Microsoft Visual Basic Scripting Edition brings active scripting to a wide variety of environments, including web client scripting in Microsoft Internet Explorer and web server scripting in Microsoft Internet Information Service,” Microsoft describes the tool.
However, other browser makers have never gotten excited about VBScript, with web developers mostly leaning toward JavaScript for client-side tasks. The news doesn’t come out of the blue either, as Microsoft deprecated VBScript in its iconic Internet Explorer (IE) platform several years ago, before disabling it two years later and retiring the entire browser in 2022.
While being pushed into irrelevance by more powerful competitors may be one reason for the language’s demise, security concerns may be another.
Microsoft hasn’t said that specifically, but… BleepingComputer speculates that VBScript was a “common infection vector used by threat actors to infect Windows systems with malicious payloads.” The Register also appears to agree with this assessment, saying that Microsoft’s planned discontinuation of VBScript “may be partly driven by security concerns, as VBScript may be a malware vector.”
Through The register