Microsoft Announces Removal of VBScript in Future Releases

VBScript to be Removed in Future Windows Releases

VBScript (Visual Basic Script), after being used for 27 years, the tech giant – “Microsoft” officially announced its deprecation from future Windows versions. The Windows team made this announcement in their recent update, which includes a list of “Deprecated features for Windows clients.”

The official statement from Microsoft reads, “VBScript is being deprecated. In future Windows releases, VBScript will be available as a feature on-demand before its removal from the operating system.”

Initially, the VBScript feature on demand will come preinstalled to ensure uninterrupted use, allowing users to adapt to the absence of VBScript.

Why is Microsoft Deprecating VBScript from Windows?

The reason behind VBScript’s deprecation is – “Security Issues.” It was found that cyber criminals were exploiting VBScript, an interpreted script language,to distribute malware like – Qbot, Emotet, Lokibot, DarkGate, etc. Because of this, Microsoft never managed to get different browser designers to support VBScript.

After malware distribution information came to light, Microsoft gradually started reducing the language’s presence in its products. In 2017, VBScript was disabled by default in “Internet Explorer 10 for Windows 10.” Currently, it is not being utilized (absent) in the – Microsoft new Edge browser.

Another reason behind VBScript’s deprecation is that – considerable years have passed since this language has seen noteworthy updates, making it outdated. In contrast, modern languages such as Python, JavaScript, and many more far surpass it in terms of – capabilities.

In 2019, Microsoft removed the VBScript option in Internet Explorer (version 11) for Windows – 7, 8, and 8.1. And with this announcement (removal of VBScript), Microsoft marks the completion of this transition.

What Are the Common Categories (Types) of VBScript Malware?

VBS-based RATs:

RATs are malware that pretend to be legit software. They let attackers remotely access and control compromised systems. Some RATs use VBScript for Command-and-Control communication.

VBS Downloaders:

Downloaders are malicious VBScript-based tools used to fetch & execute harmful content from the internet. They excel at downloading and executing “n” number of malicious payloads, like – software, adware, and code.

Recommended: Top 10 Security Tips to Prevent Downloading Malicious Code or Data

VBS Macro Malware:

Cybercriminals use macros in Office documents to deliver malware via phishing emails. Macros act as a vehicle for malware delivery, targeting unsuspecting users. Microsoft disabled macros by default in 2022 and started blocking them in MotW-labeled Office files. The phasing out of VBScript could impact cybercriminals, forcing them to adopt new techniques for delivering malware.


The removal of VBScript might introduce concerns among developers who have relied on it. However, the impact is predicted to be minimal because the prevalence of developers has already shifted to more secure and modern scripting languages like -Javascript for client-side tasks due to security concerns.

Recommended: Windows Security: Detailed Guide to Understand Security Baselines

Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.

Leave a comment

Your email address will not be published. Required fields are marked *