When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft just gave a big reason to upgrade to Windows 11 24H2 with faster, more secure web

Microsoft has announced a new major change for Windows 11 24H2 and upcoming versions like 25H2 that is meant to make the OS a lot more secure and faster on the web.

Neowin · · Hot! with 23 comments

24H2 on top of mountains

Microsoft today has announced that it has enabled JScript9Legacy as the default scripting engine in Windows 11 24H2 and newer versions like 25H2, thus replacing the decades-old JScript runtime. The company says that Windows 11 users will now benefit from the "improved performance and security features the new JScriptLegacy scripting engine offers."

By switching to JScript9Legacy, Microsoft says that it aims to reduce vulnerabilities tied to legacy scripting like cross-site scripting (XSS), among others. XSS exploits allow cyber-attackers to attach malicious code onto legitimate websites and use them to execute the code when a potential victim loads such a website.

In the past, Windows has shown that it is vulnerable to scripting engine attacks. Even as recently as August of 2024, Microsoft issued patches for a remote code execution flaw under CVE-2024-38178. And the web is indeed a dangerous place, especially for novice Windows users.

The new JScript9Legacy engine enforces stricter execution policies and improved object handling, which should help mitigate XSS-like attacks. To put it simply, for enterprises and home users alike, this change should help protect against web-based threats that exploit outdated script engines.

If you recall, Microsoft made similar changes for Edge earlier with the default Enhanced Security mode.

For those who may not be familiar, JScript has powered Windows scripting since the late 1990s and first made its debut with Internet Explorer 3.0. Its compatibility with a broad range of web content made it widespread, but also leaves thousands of systems exposed to modern attack vectors.

According to Microsoft, the new engine replaces JScript.dll with JScript9Legacy.dll and the shift is designed to maintain backward compatibility for existing scripts while offering more robust security on the latest version of Windows. Microsoft notes that "no additional action is required from you to benefit from JScript9Legacy, nor will it impact existing workflows", and thus for most users, no further action is required.

You can find the announcement post here on Microsoft's Tech Community website.

AMD Ryzen processor render
Next Article

AMD's Ryzen 9600X 6-core AM5 CPU is just $156 if you have Amazon Prime

The items in GameStops Switch 2 stapler auction on eBay
Previous Article

GameStop is selling infamous Nintendo Switch 2 stapler in crazy auction, now at $17,000

23 Comments

Load the comments and join the conversation!

Read the comments, ask the editors questions, show respect and join the conversation.

Click here