In context: Windows has included a proprietary JavaScript engine since the release of Internet Explorer 3.0 nearly 30 years ago. Technically, JScript is Microsoft's own dialect of the ECMAScript/JavaScript standard. It was used not only by the Internet Explorer browser but also by third-party applications as a standalone scripting engine for Windows.
Microsoft officially retired JScript years ago, along with proper support for the original Internet Explorer browser. However, the JScript engine still lingers in modern Windows installations, posing potential security risks to the PC ecosystem. In an effort to address these concerns, Microsoft is now replacing the legacy JScript engine with a more secure runtime called JScript9Legacy.
The new runtime is an Active Scripting engine introduced exclusively with Windows 11 version 24H2. It is based on the JScript "Chakra" engine that debuted with Internet Explorer 9. While IE has been discontinued, JavaScript scripting remains supported in the latest Windows editions for compatibility and specific enterprise use cases.
Microsoft recently announced that the JScript9Legacy engine is now enabled by default in Windows 11 24H2. It will handle all scripting processes and operations previously executed using the original JScript engine. Built on JScript9, this updated engine delivers improved performance and enhanced security features.
The new engine was designed to offer better compatibility with modern web standards, the same fundamental reason Microsoft abandoned Internet Explorer and JScript in favor of the Edge/Chromium platform. JScript9Legacy aims to help scripting professionals mitigate security risks associated with cross-site scripting and other web-based attacks.
New security features in JScript9Legacy include improved handling of JavaScript objects and stricter execution policies. These enhancements are intended to make it more difficult for malicious scripts to exploit vulnerabilities and gain control over Windows systems. Microsoft believes the new engine will provide a more secure scripting environment for PC users, although the company continues to release monthly security updates to address XSS and other script-based threats.
JScript9Legacy will replace the legacy JScript engine in Windows 11 version 24H2 and newer builds. All scripting tasks previously handled by JScript will automatically transition to the new jscript9Legacy.dll runtime. No user action is required, and Microsoft does not expect any negative impact on existing scripting workflows.
However, the company acknowledges that unforeseen compatibility issues may still arise. To accommodate enterprise users with specific needs, Microsoft is offering a rollback option to the original JScript engine. Customers requiring support can request detailed instructions through the Windows Services Hub.