Windows, for years now, has been able to run Microsoft’s version of JavaScript, called JScript. The fish bowl that JScript was designed to live inside was not a web page, but Windows itself.

A new Windows zero-day allows threat actors to use malicious JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.

A flaw in Windows' Javascript validation is allowing ransomware to be downloaded — patch it as soon as you can By Michael Crider Staff Writer, PCWorld Dec 15, 2022 7:48 am PST ...