Microsoft plans to phase out VBScript in future versions of Windows after 30 years of use, making it an on-demand feature until the company removes it.
In August 1996, Microsoft introduced VBScript, a programming language similar to the Visual Basic programming language, also known as Visual Basic Script.
VBScript connects to the Internet Explorer web browser (which the company discontinued in February), provides active scripting in some versions of Windows 10, and communicates with host applications via Windows Script.
VBScript, once a useful scripting language, became a security nightmare, and the company replaced it with PowerShell to automate tasks and manage settings.
“We are working to eliminate VBScript,” the company said. VBScript will be available as an on-demand feature in future versions of Windows before it is removed from the operating system. On-demand features come pre-installed with VBScript, allowing uninterrupted use when you are ready to turn off VBScript. New versions of Windows remove features and functionality while adding modern options. "
On-demand features are optional features in Windows operating systems such as DotNetFx3 and Hyper-V that are not installed by default but can be added as needed.
With the July 2019 Cumulative Update, Microsoft disabled the VBScript feature in Internet Explorer 11 on Windows 10 by default.
The company has yet to officially explain why VBScript was deprecated, though Microsoft's decision to kill VBScript may have something to do with the early shutdown of Internet Explorer this year, which ended a vector that allowed malicious actors to exploit Windows Infect systems with malware.
The move is part of a broader strategy to limit the spread of malware campaigns that exploit various features of Windows and Office to infect.
Criminals use VBScript to spread malware such as Lokibot, Emotet, Qbot, and DarkGate on victims' computers.
The work dates back to 2018, when the company expanded support for the malware scanning interface for Office 365 applications, reducing attacks using VBA macros.
The company then disabled XLM macros in Excel 4.0, introduced XLM Macro Protection, enforced blocking of VBA macros by default in Office, and began blocking untrusted XLL add-ins by default in Microsoft 365 tenants.