NoScript (and NoFlash) for Microsoft Internet Explorer (and Microsoft Office)

Me, myself & IT

NoScript (and NoFlash) for Microsoft^® Internet Explorer (and Microsoft Office)

Purpose
Reason
Implementation: NoScript; NoFlash
Alternative NoFlash Implementation
Additional Restrictions, Safety and Security Settings

Purpose

Disable execution of JScript and VBScript as well as the ActiveX control of the permanent vulnerable Flash Player in Internet Explorer.

Reason

Disable attack vectors widely used by malware.

Implementation

NoScript

Documented in the MSKB articles 883256 and 915729, the following Registry entries disable the JScript and VBScript engines in Internet Explorer 6 and newer versions on all web sites and for all user accounts:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext]
;"RestrictToList"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{B54F3741-5B07-11CF-A4B0-00AA004A55E8}"="0" ; VBScript Language
"{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}"="0" ; JScript Language

Documented in the MSKB articles 4012494 and 4586060, with cumulative security update 4014661 for Internet Explorer installed, the following Registry entries disable JScript and VBScript in Internet Explorer 10 and 11 for all URL security zones in the current user account:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_Zones\0]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_Zones\1]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_Zones\2]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_Zones\3]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_Zones\4]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"140C"=dword:00000003
"140D"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"140C"=dword:00000003
"140D"=dword:00000003

NoFlash

The following Registry entries disable the Flash Player ActiveX control in Internet Explorer 6 and newer versions on all web sites and for all user accounts:

REGEDIT4

; Copyright © 2004-2024, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{1171A62F-05D2-11D1-83FC-00A0C9089C5A}"="0" ; FlashProp Class
"{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}"="0" ; [Adobe Flash Player Downloader]
"{D27CDB6E-AE6D-11CF-96B8-444553540000}"="0" ; Shockwave Flash Object
"{D27CDB70-AE6D-11CF-96B8-444553540000}"="0" ; Macromedia Flash Factory Object

Documented in the Security Advisory 2755801 and numerous Security Bulletins, for example MS15-131 and MS17-023, the following Registry entries disable the Flash Player ActiveX control in Microsoft Office for all user accounts:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400

Alternative NoFlash Implementation

On versions of Windows^™ that ship without Flash Player, an (empty) file %SystemRoot%\System32\Macromed blocks the installation of its ActiveX control and the NPAPI as well as the PPAPI browser plugins instead of only disabling the ActiveX control.

Additional Restrictions, Safety and Security Settings

The script IE_SAFER.REG (documents and) enables a lot more restrictions, safety and security settings.

Contact and Feedback

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, deficiencies, errors, inaccuracies, misrepresentations, omissions, shortcomings, vulnerabilities or weaknesses, …: don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Note: email in weird format and without a proper sender name is likely to be discarded!

I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

The software and the documentation on this site are provided as is without any warranty, neither express nor implied.
In no event will the author be held liable for any damage(s) arising from the use of the software or the documentation.
Permission is granted to use the current version of the software and the current version of the documentation solely for personal private and non-commercial purposes.
An individuals use of the software or the documentation in his or her capacity or function as an agent, (independent) contractor, employee, member or officer of a business, corporation or organisation (commercial or non-commercial) does not qualify as personal private and non-commercial purpose.
Without written approval from the author the software or the documentation must not be used for a business, for commercial, corporate, governmental, military or organisational purposes of any kind, or in a commercial, corporate, governmental, military or organisational environment of any kind.
Redistribution of the software and the documentation is allowed only in unmodified form of its current version and free of charge.

Data Protection Declaration

This web page records no (personal) data and stores no cookies in the web browser.

The web service is operated and provided by

Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<‍hosting‍@‍telekom‍.‍de‍>
+49 800 5252033

The web service provider stores a session cookie in the web browser and records every visit of this web site with the following data in an access log on their server(s):

the (pseudonymised) IP address;
the date and time of the request;
the URL of the requested web page or file;
the Referer and User-Agent HTTP headers sent by the web browser;
the result (success or failure) of the request;
the amount of data received and sent.