Windows: Security change affecting PowerShell

A short note for people who using PowerShell. On January 8, 2019, Microsoft also closed a vulnerability in PowerShell with security updates. This affects the loopback behavior of the PowerShell. 


Advertising

The Windows security patch CVE-2019-0543 closed an Elevation of Privilege vulnerability in PowerShell. This occurred because Windows handled authentication requests improperly. An attacker could exploit this vulnerability by running a specially developed application on the affected system. The update fixed the vulnerability by correcting the way Windows handles authentication requests.

This security patch affects local loopback remoting when a PowerShell remote connection is made to the same machine and no administrator credentials are used. By default, PowerShell remoting endpoints do not allow access to non-administrator accounts. However, you can change endpoint configurations or create new custom endpoint configurations that allow access to non-administrator accounts. 

So you are not affected by this change unless you explicitly set up loopback endpoints on your computer to allow access to non-administrator accounts. What there is to know is collected by Microsoft in the MSDN blog post Windows Security change affecting PowerShell.


Advertising

This entry was posted in Security, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).