Articles about PowerShell

Microsoft has issued a security notice about two zero-day vulnerabilities with its own Microsoft Exchange Server. Versions 2013, 2016 and 2019 of the software are affected.

One vulnerability (CVE-2022-41082) allows for remote code execution when an attacker has access to PowerShell; the second (CVE-2022-41040) is a Side Request Forgery (SSRF) vulnerability. Both vulnerabilities are being exploited in the wild.

Continue reading →

We've already spoken about Microsoft releasing the KB5015814 security update for Windows 11, but Windows 10 users have not been forgotten this month. These are security updates that should be installed as soon as possible.

The KB5015811 update is available for Windows 10 version 1809, while the KB5015807 update is designed for Windows 10 versions 20H2, 21H1 and 21H2. Just as with the Windows 11 update, these both address a problem with PowerShell as well as fixing various security issues and introducing numerous improvements.

Continue reading →

For July's Patch Tuesday, Microsoft has released the KB5015814 update for Windows 11. This security update takes Windows 11 up to build 22000.795 and addresses a number of issues with the operating system. To accompany the release, Microsoft has also provided a handful of Windows 11 tips.

The company points out that this particular update includes the improvements that were introduced with last month's KB5014668 update. Importantly, it also addresses a PowerShell issue with blank transcript logs and lost passwords.

Continue reading →

The NSA might not be the first organization that you think of turning to for advice about how to secure your computer, but the agency has offered up various tips about how to use PowerShell to do just this.

In conjunction with the Cybersecurity and Infrastructure Security Agency (CISA), the New Zealand National Cyber Security Centre (NZ NCSC) and the United Kingdom National Cyber Security Centre (NCSC-UK), the NSA has published a Cybersecurity Information Sheet. The document is entitled Keeping PowerShell: Security Measures to Use and Embrace, and it advises properly configuring and monitoring PowerShell, rather than removing or disabling it as is often recommended.

Continue reading →

After a series of a preview builds and a recent release candidate, Microsoft's PowerShell 7.2 has now hit General Availability.

Based on the newly released .NET 6, this is a Long Term Support (LTS) version that will enjoy support from Microsoft for three years. In addition to bug fixes and performance improvements, PowerShell 7.2 boasts numerous new features including new APIs to use in scripts.

Continue reading →

Development of PowerShell continues apace, and Microsoft has just pushed out a new release candidate with a fairly lengthy changelog.

PowerShell 7.2.0 RC1 is available for Windows, macOS and Linux, and over the coming days and weeks it will undergoing further testing and refinement before it is marked as being a final release. The release candidate includes various changes and fixes including using a newer version of .NET and addressing an RPM packaging issue.

Continue reading →

Microsoft has issued a stark warning to system administrators, advising them of the importance of updating PowerShell 7 as soon as possible.

Versions prior to PowerShell 7.0.8 and PowerShell 7.1.5 are vulnerable to a .NET Core Information Disclosure flaw that is being tracked as CVE-2021-41355. There is a degree of urgency to upgrading to a non-vulnerable version of PowerShell, as the flaw could expose credentials in plain text in Linux.

Continue reading →

With another Patch Tuesday rolling around, Microsoft has released a pair of new updates for Windows 10 -- KB5005565 and KB5005566.

Serving the same purpose, KB5005566 is available for Windows 10 version 1909, and KB5005565 is available for Windows 10 versions 2004, 20H2 and 21H1. These cumulative updates include security fixes, so they are important to install, but they also address non-security bugs including one affecting PowerShell.

Continue reading →

Microsoft has issued a warning to users of PowerShell 7.0 and 7.1 to update their software to protect against a .NET Core remote code execution vulnerability.

Tracked as CVE-2021-26701, the vulnerability is described as critical and could affect Windows, macOS and Linux. The security issue has been known about for a little while, but Microsoft is only now urging users to install updates to ensure that they are protected.

Continue reading →

Most people are familiar with the idea of using Windows Update to... well... keep Windows up-to-date. But there is also Microsoft Update which is used to keep other Microsoft software updated, and it can now be used to update PowerShell.

The announcement from Microsoft that PowerShell updates will be delivered through Microsoft Update will be welcome by anyone who dislikes the process of checking and updating the software via GitHub.

Continue reading →

If the recent printing problems caused by a string of Windows 10 updates weren't so disruptive -- and if the poor quality of updates from Microsoft hadn't been an issue for so long -- the situation would almost be funny.

As it is, however, those who have been affected by the bug-riddled updates find themselves extraordinarily frustrated and losing trust in Microsoft's ability to deliver reliable software. With so many updates, patches, bug fixes and workarounds having been released in the last couple of weeks, keeping on top of problems has been difficult. This PowerShell script should get things sorted once and for all.

Continue reading →

Rich Turner, a senior program manager at Microsoft, has taken to Twitter to practically beg people to move away from Cmd to PowerShell. Why? Well Cmd is an ancient hangover from the days of MS-DOS, for a start!

He explains that Cmd is in maintenance mode, and only continues to exist for the purpose of backward compatibility. Stating "PowerShell is the future", he states categorically that the old command line interpreter "should not be used for interactive shell work".

Continue reading →

Microsoft has announced that its cross-platform automation tool and configuration framework PowerShell 7 is now Generally Available.

Available for Windows, macOS and Linux, PowerShell 7 sees Microsoft moving from .NET Core 2.x to 3.1 which enables greater backwards compatibility with existing Windows PowerShell modules thanks to the resurrection of numerous .NET Framework APIs. The cross-platform nature of PowerShell 7 means that Ubuntu, openSUSE, Fedora, Debian and other Linux distro are embraced.

Continue reading →