scripting Archives

Winsage

August 13, 2025

Microsoft removes PowerShell 2.0 from Windows 11, Windows Server

Microsoft is removing PowerShell 2.0 from Windows 11 version 24H2 in August and from Windows Server 2025 in September. This follows its earlier removal for Windows Insiders in July 2025. Users relying on legacy scripts or software that depend on PowerShell 2.0 must update their systems or implement workarounds to avoid disruptions. PowerShell 5.1 and PowerShell 7.x will remain available and supported. Customers using older Microsoft server products like Exchange, SharePoint, and SQL Server will be directly affected. Microsoft recommends migrating scripts and tools to PowerShell 5.1 or 7 and replacing outdated software that requires PowerShell 2.0 support.

Winsage

August 7, 2025

These 9 File Explorer alternatives make your Windows PC so much better

Windows Explorer has a basic interface that can hinder file management, prompting the development of alternative "commander" tools. These alternatives include single-window and dual-window applications designed to improve file management on Windows PCs. Free Commander XE features a dual-window layout with tabs for quick access and modern icons, allowing users to manage ZIP files and synchronize folders. Multi Commander also uses a dual-window approach, supports bulk file renaming, and offers a portable version. Double Commander is an open-source option with a familiar interface, capable of creating symbolic links and synchronizing folders. One Commander allows toggling between single and dual-window views and includes customizable features. Paid file managers like Total Commander, SpeedCommander, and XYplorer offer advanced functionalities, including FTP capabilities and scripting options. Q-Dir can open four windows simultaneously and provides extensive customization. File Voyager features a two-window view but may have stability issues. For Android devices, Google Files, Total Commander, and X-plore are notable file management apps, each offering various features for organizing and accessing files.

Winsage

August 3, 2025

5 Windows PowerShell commands every power user should know

Microsoft has transitioned from the traditional command prompt to Windows PowerShell, a command-line interface tool designed for scripting and task automation. Key commands in PowerShell include: 1. Get-Process: Retrieves information about processes running on a local computer or a remote server, including process names, IDs, CPU usage, and memory consumption. Example usage includes filtering processes by memory usage or specific applications. 2. Get-Command: Lists all available commands within PowerShell, including cmdlets, functions, aliases, and scripts. It helps users discover commands for specific tasks. 3. Set-ExecutionPolicy: Configures the PowerShell script execution policy, determining whether scripts can run and under what conditions. It allows power users to adjust policies for executing custom scripts. 4. Get-EventLog: Accesses detailed system logs for troubleshooting errors or auditing system activity, including warnings and security breaches. It can filter logs based on criteria like log name and entry type. 5. Where-Object: Filters objects in a pipeline based on specified conditions, allowing users to narrow down results for analysis, reporting, and automation. It can be combined with other commands for enhanced functionality.

Winsage

July 11, 2025

Microsoft enables JScript9Legacy scripting engine to improve Windows 11 security

Microsoft is phasing out JScript in Windows 11 24H2 in favor of JScript9Legacy to enhance security. JScript9Legacy is enabled by default and will manage all scripting processes previously reliant on JScript without requiring user action. This new scripting engine offers improved performance, compatibility with modern web standards, and advanced security features to mitigate risks such as cross-site scripting (XSS). The transition is designed to be seamless, although Microsoft has not provided procedures for reverting to JScript if compatibility issues arise. The change is limited to Windows 11 24H2, with no updates planned for earlier Windows versions.

Winsage

July 11, 2025

Windows 11 24H2 standardizes its scripting engine

Microsoft has announced that starting with Windows 11 version 24H2, the JScript9Legacy engine will be enabled by default for all scripting processes that previously relied on the classic JScript engine. This new engine offers improved protection against threats like cross-site scripting (XSS) and enhances performance. Users will not need to take any action, as existing scripts will continue to function normally. In case of compatibility issues, organizations can revert to the previous engine temporarily. The transition marks the retirement of JScript, which has been part of Windows since 1996, as it is now considered outdated and vulnerable. Microsoft has decided to discontinue support for JScript due to the retirement of Internet Explorer and the adoption of the Edge browser. This update applies only to Windows 11 version 24H2 and later, while older versions will still use the original JScript engine.

Winsage

July 11, 2025

Windows 11 now uses JScript9Legacy engine for improved security

Microsoft has replaced the default scripting engine JScript with JScript9Legacy in Windows 11, version 24H2 and beyond to enhance security against web threats, particularly cross-site scripting (XSS) vulnerabilities. JScript, which has been in use since 1996, has become outdated and non-compliant with modern security standards. JScript9Legacy is designed to meet legacy scripting needs while improving security and compatibility. The transition to JScript9Legacy will occur automatically for users, and existing scripts should continue to function without disruption. If compatibility issues arise, users can revert to the previous engine with support from Microsoft.

Winsage

July 10, 2025

If you haven’t upgraded to Windows 11 24H2 yet, Microsoft’s giving you a good reason to do so

Microsoft has rolled out version 24H2 of Windows 11, enhancing its security framework by updating the scripting engine from JScript to JScript9Legacy. This upgrade improves performance for applications and web pages using JScript and reduces the likelihood of security breaches, particularly from cross-site scripting (XSS) and web-based attacks. The new engine features enhanced management of JavaScript objects and stricter execution policies, increasing resilience against malicious scripts. Windows 11 24H2 has a more robust security posture than its predecessor, 23H2, and the upgrade will become compulsory. Windows 11 25H2 is expected to include similar security improvements.

Winsage

July 9, 2025

Zero Day Initiative — The July 2025 Security Update Review

In July 2025, Adobe released 13 bulletins addressing 60 unique CVEs across various applications, including ColdFusion, After Effects, and Illustrator. ColdFusion received a Priority 1 patch for 13 CVEs, five of which are Critical. FrameMaker's patch fixed 15 CVEs, including 13 Critical vulnerabilities. Illustrator's update addressed 10 bugs, with the most severe enabling code execution. Other applications like InCopy and InDesign also had Critical vulnerabilities fixed. Microsoft released 130 new CVEs across its products, with 10 rated Critical. Notable vulnerabilities include CVE-2025-47981, a heap-based buffer overflow in Windows SPNEGO, and CVE-2025-49717 affecting Microsoft SQL Server. CVE-2025-49704 allows code injection in SharePoint, while CVE-2025-49695 highlights an attack vector in Microsoft Office's Preview Pane.

Winsage

July 8, 2025

Microsoft Deprecates PowerShell 2.0 in Windows 11 Over Security Flaws

Microsoft has rolled out Windows 11 Insider Preview Build 27891 to the Canary Channel, which includes the removal of Windows PowerShell 2.0. The update features several critical system fixes, including: - Correction of the “Reset this PC” feature under Settings > System > Recovery. - Resolution of an issue affecting the taskbar's acrylic material effect. - Fix for Windows Update downloads that stalled at 2%. - Correction of character rendering problems for languages like Vietnamese and Arabic. Enhancements in File Explorer include a dropdown menu in the address bar that shows the complete folder path. Stability improvements in Settings aim to prevent crashes when accessing microphone properties or Bluetooth settings, although a new known issue may cause crashes in Settings > System > Power & Battery. Task Manager now features updated CPU utility calculations. The Microsoft Store has been updated to allow users to install apps and games directly from the top featured sections. Known issues include potential loss of Windows Hello PIN on Copilot+ PCs, graphical distortion for Remote Desktop users on Arm64 PCs, and incomplete localization of some features. Transitioning out of the Canary Channel requires a clean installation of Windows 11.

Tech Optimizer

July 7, 2025

XWorm RAT Deploys New Stagers and Loaders to Bypass Defenses

The XWorm Remote Access Trojan (RAT) has evolved its attack strategies by incorporating advanced stagers and loaders to evade detection. It is known for its capabilities, including keylogging, remote desktop access, data exfiltration, and command execution, and is particularly targeted at the software supply chain and gaming sectors. Recent campaigns have paired XWorm with AsyncRAT for initial access before deploying ransomware using the leaked LockBit Black builder. XWorm utilizes various file formats and scripting languages for payload delivery, often through phishing campaigns with deceptive lures like invoices and shipping notifications. It employs obfuscation techniques, including Base64 encoding and AES encryption, and manipulates Windows security features to avoid detection. Persistence mechanisms such as registry run keys and scheduled tasks ensure sustained access. XWorm conducts system reconnaissance, queries for antivirus software, and attempts to disable Microsoft Defender. It can propagate via removable media and execute commands from command-and-control servers. The Splunk Threat Research Team has developed detections for suspicious activities related to XWorm infections. Indicators of compromise include various file hashes for different scripts and loaders associated with XWorm.