PowerShell Team 

Windows Security change affecting PowerShell

January 10th, 2019

Windows Security change affecting PowerShell January 9, 2019 The recent (1/8/2019) Windows security patch CVE-2019-0543, has introduced a breaking change for a PowerShell remoting scenario. It is a narrowly scoped scenario that should have low impact for most users. The breaking change only affects local loopback remoting, which is a ...

PowerShell Constrained Language mode and the Dot-Source Operator

November 26th, 2018

PowerShell Constrained Language mode and the Dot-Source Operator PowerShell works with application control systems, such as AppLocker and Windows Defender Application Control (WDAC), by automatically running in ConstrainedLanguage mode. ConstrainedLanguage mode restricts some exploitable aspects of PowerShell while still giving you a rich ...

DSC Resource Kit Release October 2018

October 25th, 2018

We just released the DSC Resource Kit! This release includes updates to 9 DSC resource modules. In the past 6 weeks, 126 pull requests have been merged and 79 issues have been closed, all thanks to our amazing community! The modules updated in this release are: For a detailed list of the ...

New Look and Features for PowerShell Gallery

September 12th, 2018

The PowerShell Gallery and PowerShellGet have just been updated to provide new features, performance improvements, and a new modern design.

NOTE: This post has important information for publishers in the “Accounts and publishing” section.

PowerShell Module Function Export in Constrained Language

August 14th, 2018

PowerShell Module Exporting Functions in Constrained Language PowerShell offers a number of ways to expose functions in a script module. But some options have serious performance or security drawbacks. In this blog I describe these issues and provide simple guidance for creating performant and secure script modules. Look for a module soon in ...

PowerShell Injection Hunter: Security Auditing for PowerShell Scripts

August 3rd, 2018

At the DEFCON security conference last year, we presented the session: "Get $pwnd: Attacking Battle Hardened Windows Server".

In this talk, we went through some of the incredibly powerful ways that administrators can secure their high-value systems (for example, Just Enough Administration) and also dove into some of the mistakes that administrators sometimes make when exposing their PowerShell code to an attacker. The most common form of mistake is script injection, where a script author takes a parameter value (supplied by an attacker) and runs it in a trusted context (such as a function exposed in a Just Enough Administration endpoint).

PowerShell Constrained Language Mode

November 2nd, 2017

PowerShell Constrained Language Mode Update (May 17, 2018) In addition to the constraints listed in this article, system wide Constrained Language mode now also disables the ScheduledJob module. The ScheduledJob feature uses Dot Net serialization that is vulnerable to deserialization attacks. So now whenever an application whitelisting ...

Defending Against PowerShell Attacks

October 23rd, 2017

[Updated Feb 20th, 2020 with latest guidance] The security industry is ablaze with news about how PowerShell is being used by both commodity malware and attackers alike. Surely there’s got to be a way to defend yourself against these attacks! There absolutely is. PowerShell is - by far - the most securable and security-transparent ...

PowerShell in Azure Cloud Shell (Preview) is now publically available in Azure Portal

September 26th, 2017

Yesterday, at IGNITE 2017, we announced the public availability of PowerShell in Azure Cloud Shell. With the addition of PowerShell in Cloud Shell, alongside Bash in Azure Cloud Shell, you now have the flexibility to choose the shell experience that works best for you. Thank you to our private preview users who helped shape the current ...

Coming Soon – PowerShell in Azure Cloud Shell

May 23rd, 2017

At BUILD 2017, we announced the preview of Azure Cloud Shell supporting the Bash shell. We are adding PowerShell support to Azure Cloud Shell, which gives you a choice of shell to get work done. Sign-up today to participate in a limited preview of PowerShell in Azure Cloud Shell. We look forward to sharing this awesome new PowerShell ...