NoScript (and NoFlash) for Microsoft Internet Explorer (and Microsoft Office) Valid HTML 4.01 Transitional Valid CSS Valid SVG 1.0

Me, myself & IT

NoScript (and NoFlash) for Microsoft® Internet Explorer (and Microsoft Office)

Purpose

Disable execution of JScript and VBScript as well as the ActiveX control of the permanent vulnerable Flash Player in Internet Explorer.

Reason

Disable attack vectors widely used by malware.

Implementation

NoScript

As documented in the MSKB articles 883256 and 915729, the Registry entries
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext]
;"RestrictToList"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{B54F3741-5B07-11CF-A4B0-00AA004A55E8}"="0" ; VBScript Language
"{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}"="0" ; JScript Language
disable the JScript and VBScript engines in Internet Explorer 6 and newer versions on all web sites.

NoFlash

The Registry entries
REGEDIT4

; Copyright © 2004-2018, Stefan Kanthak <‍skanthak‍@‍nexgo‍.‍de‍>

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{1171A62F-05D2-11D1-83FC-00A0C9089C5A}"="0" ; FlashProp Class
"{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}"="0" ; [Adobe Flash Player Downloader]
"{D27CDB6E-AE6D-11CF-96B8-444553540000}"="0" ; Shockwave Flash Object
"{D27CDB70-AE6D-11CF-96B8-444553540000}"="0" ; Macromedia Flash Factory Object
disable the Flash Player ActiveX control in Internet Explorer 6 and newer versions on all web sites.

As documented in the Security Advisory 2755801 and numerous Security Bulletins, MS15-131 or MS17-023 for example, the Registry entries

REGEDIT4

; Copyright © 2009-2018, Stefan Kanthak <‍skanthak‍@‍nexgo‍.‍de‍>

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400
disable the Flash Player ActiveX control in Microsoft Office.

Alternative NoFlash Implementation

On versions of Windows® that ship without Flash Player, an (empty) file %SystemRoot%\System32\Macromed blocks the installation of its ActiveX control and the NPAPI as well as the PPAPI browser plugins instead of only disabling the ActiveX control.

Contact

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, errors, inaccuracies, omissions, vulnerabilities or weaknesses, …:
don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Notes: I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see a full (real) name as sender, not a nickname!
Emails in weird formats and without a proper sender name are likely to be discarded.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!
Copyright © 1995–2018 • Stefan Kanthak • <‍skanthak‍@‍nexgo‍.‍de‍>