scripting

Winsage
July 11, 2025
Microsoft is phasing out JScript in Windows 11 24H2 in favor of JScript9Legacy to enhance security. JScript9Legacy is enabled by default and will manage all scripting processes previously reliant on JScript without requiring user action. This new scripting engine offers improved performance, compatibility with modern web standards, and advanced security features to mitigate risks such as cross-site scripting (XSS). The transition is designed to be seamless, although Microsoft has not provided procedures for reverting to JScript if compatibility issues arise. The change is limited to Windows 11 24H2, with no updates planned for earlier Windows versions.
Winsage
July 11, 2025
Microsoft has announced that starting with Windows 11 version 24H2, the JScript9Legacy engine will be enabled by default for all scripting processes that previously relied on the classic JScript engine. This new engine offers improved protection against threats like cross-site scripting (XSS) and enhances performance. Users will not need to take any action, as existing scripts will continue to function normally. In case of compatibility issues, organizations can revert to the previous engine temporarily. The transition marks the retirement of JScript, which has been part of Windows since 1996, as it is now considered outdated and vulnerable. Microsoft has decided to discontinue support for JScript due to the retirement of Internet Explorer and the adoption of the Edge browser. This update applies only to Windows 11 version 24H2 and later, while older versions will still use the original JScript engine.
Winsage
July 11, 2025
Microsoft has replaced the default scripting engine JScript with JScript9Legacy in Windows 11, version 24H2 and beyond to enhance security against web threats, particularly cross-site scripting (XSS) vulnerabilities. JScript, which has been in use since 1996, has become outdated and non-compliant with modern security standards. JScript9Legacy is designed to meet legacy scripting needs while improving security and compatibility. The transition to JScript9Legacy will occur automatically for users, and existing scripts should continue to function without disruption. If compatibility issues arise, users can revert to the previous engine with support from Microsoft.
Winsage
July 10, 2025
Microsoft has rolled out version 24H2 of Windows 11, enhancing its security framework by updating the scripting engine from JScript to JScript9Legacy. This upgrade improves performance for applications and web pages using JScript and reduces the likelihood of security breaches, particularly from cross-site scripting (XSS) and web-based attacks. The new engine features enhanced management of JavaScript objects and stricter execution policies, increasing resilience against malicious scripts. Windows 11 24H2 has a more robust security posture than its predecessor, 23H2, and the upgrade will become compulsory. Windows 11 25H2 is expected to include similar security improvements.
Winsage
July 9, 2025
In July 2025, Adobe released 13 bulletins addressing 60 unique CVEs across various applications, including ColdFusion, After Effects, and Illustrator. ColdFusion received a Priority 1 patch for 13 CVEs, five of which are Critical. FrameMaker's patch fixed 15 CVEs, including 13 Critical vulnerabilities. Illustrator's update addressed 10 bugs, with the most severe enabling code execution. Other applications like InCopy and InDesign also had Critical vulnerabilities fixed. Microsoft released 130 new CVEs across its products, with 10 rated Critical. Notable vulnerabilities include CVE-2025-47981, a heap-based buffer overflow in Windows SPNEGO, and CVE-2025-49717 affecting Microsoft SQL Server. CVE-2025-49704 allows code injection in SharePoint, while CVE-2025-49695 highlights an attack vector in Microsoft Office's Preview Pane.
Winsage
July 8, 2025
Microsoft has rolled out Windows 11 Insider Preview Build 27891 to the Canary Channel, which includes the removal of Windows PowerShell 2.0. The update features several critical system fixes, including:
- Correction of the “Reset this PC” feature under Settings > System > Recovery.
- Resolution of an issue affecting the taskbar's acrylic material effect.
- Fix for Windows Update downloads that stalled at 2%.
- Correction of character rendering problems for languages like Vietnamese and Arabic.

Enhancements in File Explorer include a dropdown menu in the address bar that shows the complete folder path. Stability improvements in Settings aim to prevent crashes when accessing microphone properties or Bluetooth settings, although a new known issue may cause crashes in Settings > System > Power & Battery. Task Manager now features updated CPU utility calculations. The Microsoft Store has been updated to allow users to install apps and games directly from the top featured sections. Known issues include potential loss of Windows Hello PIN on Copilot+ PCs, graphical distortion for Remote Desktop users on Arm64 PCs, and incomplete localization of some features. Transitioning out of the Canary Channel requires a clean installation of Windows 11.
Tech Optimizer
July 7, 2025
The XWorm Remote Access Trojan (RAT) has evolved its attack strategies by incorporating advanced stagers and loaders to evade detection. It is known for its capabilities, including keylogging, remote desktop access, data exfiltration, and command execution, and is particularly targeted at the software supply chain and gaming sectors. Recent campaigns have paired XWorm with AsyncRAT for initial access before deploying ransomware using the leaked LockBit Black builder. XWorm utilizes various file formats and scripting languages for payload delivery, often through phishing campaigns with deceptive lures like invoices and shipping notifications. It employs obfuscation techniques, including Base64 encoding and AES encryption, and manipulates Windows security features to avoid detection. Persistence mechanisms such as registry run keys and scheduled tasks ensure sustained access. XWorm conducts system reconnaissance, queries for antivirus software, and attempts to disable Microsoft Defender. It can propagate via removable media and execute commands from command-and-control servers. The Splunk Threat Research Team has developed detections for suspicious activities related to XWorm infections. Indicators of compromise include various file hashes for different scripts and loaders associated with XWorm.
Tech Optimizer
July 5, 2025
Cybercriminals are using legitimate software installer frameworks like Inno Setup to distribute malware, taking advantage of its trusted appearance and scripting capabilities. A recent campaign demonstrated how a malicious Inno Setup installer can deliver information-stealing malware, such as RedLine Stealer, through a multi-stage infection process. This process includes evasion techniques like detecting debuggers and sandbox environments, using XOR encryption to obscure strings, and conducting WMI queries to identify malware analysis tools. The installer retrieves a payload from a command-and-control server via a TinyURL link and creates a scheduled task for persistence. The payload employs DLL sideloading to load HijackLoader, which ultimately injects RedLine Stealer into a legitimate process to steal sensitive information. RedLine Stealer uses obfuscation techniques and disables security features in browsers to avoid detection. The Splunk Threat Research Team has developed detection methods focusing on indicators such as unsigned DLL sideloading and suspicious browser behaviors.

Indicators of Compromise (IOC):
- Malicious Inno Setup Loader Hash 1: 0d5311014c66423261d1069fda108dab33673bd68d697e22adb096db05d851b7
- Malicious Inno Setup Loader Hash 2: 0ee63776197a80de42e164314cea55453aa24d8eabca0b481f778eba7215c160
- Malicious Inno Setup Loader Hash 3: 12876f134bde914fe87b7abb8e6b0727b2ffe9e9334797b7dcbaa1c1ac612ed6
- Malicious Inno Setup Loader Hash 4: 8f55ad8c8dec23576097595d2789c9d53c92a6575e5e53bfbc51699d52d0d30a
Winsage
June 27, 2025
Microsoft has released the KB5060829 preview cumulative update for Windows 11 24H2, featuring 38 enhancements, including an improved taskbar and a new PC-to-PC migration experience. This optional update allows Windows administrators to test bug fixes and features before the next Patch Tuesday release. The update focuses on non-security improvements, with the PC-to-PC migration feature expected to roll out in a future update. Adjustments to the taskbar allow for more app icons to be displayed when space is limited. Users can install the update via Settings > Windows Update or manually from the Microsoft Update Catalog. The update elevates Windows 11 24H2 systems to build 26100.4484 and includes fixes for various issues, such as script delays on SMB shares, unresponsive applications when exiting full-screen games, and problems with Windows Hello certificate renewal. A known issue affects CJK text clarity at 96 DPI in Chromium-based browsers. Windows 11 24H2 is broadly deployed, and the Windows 11 2024 Update is being rolled out to eligible Windows 10 22H2 PCs.
AppWizard
June 24, 2025
Hypixel Studios has announced the cancellation of Hytale, a game first unveiled in December 2018 and intended to compete with Minecraft. The studio, backed by Riot Games, is winding down operations following this decision. Despite initial excitement and a trailer that garnered 61 million views, development faced significant challenges, leading to the conclusion that the game could not be realized as originally promised. Co-founder Noxy expressed disappointment and noted that attempts to reduce the game's scope or delay its release were ultimately dismissed. Riot Games also sought potential investors to rescue Hytale, but these efforts were unsuccessful. Affected staff will receive severance packages and support for their future endeavors.