Windows: Security change affecting PowerShell

A short note for people who using PowerShell. On January 8, 2019, Microsoft also closed a vulnerability in PowerShell with security updates. This affects the loopback behavior of the PowerShell. 


The Windows security patch CVE-2019-0543 closed an Elevation of Privilege vulnerability in PowerShell. This occurred because Windows handled authentication requests improperly. An attacker could exploit this vulnerability by running a specially developed application on the affected system. The update fixed the vulnerability by correcting the way Windows handles authentication requests.

This security patch affects local loopback remoting when a PowerShell remote connection is made to the same machine and no administrator credentials are used. By default, PowerShell remoting endpoints do not allow access to non-administrator accounts. However, you can change endpoint configurations or create new custom endpoint configurations that allow access to non-administrator accounts. 

So you are not affected by this change unless you explicitly set up loopback endpoints on your computer to allow access to non-administrator accounts. What there is to know is collected by Microsoft in the MSDN blog post Windows Security change affecting PowerShell.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *