Windows PowerShell now warns when running Invoke-WebRequest scripts

Source: BleepingComputer

Author: Sergiu Gatlan

URL: https://www.bleepingcomputer.com/news/security/microsoft-windows-powershell-now-warns-when-running-invoke-webrequest-scripts/

ONE SENTENCE SUMMARY:

Microsoft updates Windows PowerShell to warn against risky script execution, aiming to secure enterprise environments using Invoke-WebRequest.

MAIN POINTS:

1. PowerShell now warns when scripts use Invoke-WebRequest to download web content.
2. Mitigates CVE-2025-54100 vulnerability affecting enterprise environments.
3. Warning added to Windows PowerShell 5.1 on Windows 10 and 11.
4. Users prompted to use ‘-UseBasicParsing’ for safer web content processing.
5. Pressing ‘No’ cancels operation; ‘Yes’ allows older parsing with risk.
6. KB5074204 update displays confirmation prompt about script execution risks.
7. Admins advised to update scripts to avoid manual confirmation delays.
8. ‘curl’ command in PowerShell linked to the same warnings.
9. Scripts downloading content or working with response body require no changes.
10. Additional details available in Microsoft’s support documentation.

TAKEAWAYS:

1. Use ‘-UseBasicParsing’ to avoid executing risky scripts.
2. Update scripts for seamless automation without manual intervention.
3. PowerShell 5.1 enhances security with essential warnings.
4. Enterprise environments benefit most from this update.
5. Stay informed with Microsoft’s documentation for additional guidance.