Microsoft may disable VBScript early in Windows 11 24H2 25H2, shares detailed official guide

Microsoft, from time to time, kills off various features in its apps. The company explained in detail earlier this year how this is good for users.

Most recently, Microsoft announced the deprecation of Bing Search APIs and another Edge feature in favor of something more standard and secure. The company also confirmed some major changes to Windows hardware drivers as it announced the deprecation of Windows Device metadata and the Windows Metadata and Internet Services (WMIS). Meanwhile, an Excel feature is also going away as the company feels it's not worth the effort and cost to maintain support for it.

Likewise, VBScript removal has also been on Microsoft's radar for a while. The company first expressed the desire to remove it back in May 2023. Later that year, in October, Microsoft officially deprecated it.

However, if you are not familiar, a deprecation announcement does not automatically mean that the feature goes away overnight. Instead, the feature is marked for removal and enters its "deprecation phase." This phase, as Microsoft explained before, is meant to help organisations reliant on such a feature move on.

As such, Microsoft had provided a timeline of events in May 2024 and divided the deprecation phase into three parts. The first phase is ongoing as VBScript is still enabled by default as a feature on demand (FOD).

This is where things get tricky, though. Microsoft had previously mentioned in its timeline that VBScript FOD would be disabled by around 2027, and that would coincide with future Windows updates in 2026 and 2027.

Microsoft's latest guidance post, published today, about VBScript removal suggests that the FOD accessibility may be removed early in version 24H2 itself or perhaps in 25H2 (there are already traces of version 25H2). The company writes:

At the current deprecation phase of VBScript, it's available as a feature on demand (FOD) and is enabled by default in Windows 11, version 24H2. Before VBScript is disabled by default on these and future OS versions, it's critical that you to identify where and how vbscript.dll is still being used within your enterprise environment.

Thus, the wording seems to suggest that VBScript might go away early as a default FOD, and this may also be why the company has shared this new guidance to help companies move on faster. Regardless, it is now time to "proactively disable VBScript on Windows 11," says the tech giant.

In this guide, Microsoft has highlighted four mechanisms that can help an enterprise detect the usage of VBScript in their workflow so that they can take the next necessary steps to remove all dynamic link libraries (.dll files) based on VBScript.

The company has recommended using its official SysMon (System Monitor) utility to trace and track down VBScript DLLs and review VBScript dependencies like those related Group Policy and PowerShell scripts for logon, logoff, startup, shutdown, scheduled tasks, as well as those for invoking VBScript.

To help, Microsoft has also provided a PowerShell script to scan for VBScript files across the system:

$pathsToScan = @("C:\Users", "C:\ProgramData", "C:\Scripts")
$logPath = "C:\VBSScriptScan\VbsFiles_$(hostname).csv"
$results = foreach ($path in $pathsToScan) {
   if (Test-Path $path) {
       Get-ChildItem -Path $path -Filter *.vbs -Recurse -ErrorAction SilentlyContinue |
           Select-Object FullName, LastWriteTime, Length
   }
}

Speaking of PowerShell scripts, Microsoft has also provided another sample script for detecting the presence of embedded VBScript in Microsoft Installer (MSI) packages:

Get-ChildItem -Path "C:\MSIRepo" -Recurse -Filter *.msi | ForEach-Object {
    $msiPath = $_.FullName
    $sql = "SELECT * FROM CustomAction"
    $installer = New-Object -ComObject WindowsInstaller.Installer
    $database = $installer.GetType().InvokeMember("OpenDatabase", "InvokeMethod", $null, $installer, @($msiPath, 0))
    $view = $database.OpenView($sql)
    $view.Execute()
    $record = $view.Fetch()
    while ($record -ne $null) {
        $actionName = $record.StringData(1)
        $actionType = [int]$record.StringData(2)
        if ($actionType -eq 6 -or $actionType -eq 38 -or $actionType -eq 50) {
            Write-Output "⚠ VBScript Custom Action: $actionName in $msiPath"
        }
        $record = $view.Fetch()
    }

As mentioned above, Microsoft recommends proactively disabling VBScript on Windows 11 from now on. The company has explained how to do so once an enterprise has detected VBScript usage in its systems:

Use the following Deployment Image Servicing and Management (DISM) command to do so: Dism /Online /Remove-Capability /CapabilityName:VBSCRIPT~~~~

 

Use Microsoft Intune, GPO Startup Scripts, or Microsoft Configuration Manager to deploy this command across your fleet.

Upon running the above DISM command, Microsoft says that VBScript will be disabled. Thus, all processes attempting to use VBScript will be blocked and will either "fail silently or with errors." You can read the blog post here on Microsoft's official Tech Community website.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of April): 1,811

RIP Matrix | Farewell my friend