Windows Script Host (WSH) is a built-in Windows component that runs script files such as JScript and VBScript. It provides a native execution path for scripts launched from the command line, File Explorer, email attachments, or other applications that call the Windows scripting engine.
WSH matters in cyber security because attackers can abuse it to execute code without dropping a traditional executable. Script files may blend in with normal administrative or automation tasks, making them useful in phishing, initial access, and post-compromise activity. In real attacks, defenders often see suspicious script launches, encoded or obfuscated content, and follow-on process chains started from user-clicked files. On the defensive side, organizations can reduce risk by disabling WSH where it is not needed, enforcing application control, filtering risky attachment types, and monitoring for script-based execution from email or user-writable folders.



