Hasty Briefsbeta

PowerShell's curl runs JavaScript code with system access

21 hours ago
https://support.microsoft.com/en-us/topic/powershell-5-1-preventing-script-execution-from-web-content-7cb95559-655e-43fd-a8bd-ceef2406b705
Copy Link
  • #PowerShell
  • #Automation
  • #Security
  • Windows PowerShell 5.1 now displays a security confirmation prompt when using Invoke-WebRequest without special parameters.
  • The prompt warns about potential script execution risks and advises using the -UseBasicParsing parameter for safety.
  • Users must choose to continue (accepting risks) or cancel (default safe option) the operation.
  • This change primarily impacts enterprise or IT-managed environments using PowerShell for automation.
  • Interactive sessions show the prompt, while automated scripts may hang if not updated to use -UseBasicParsing.
  • Recommendations include updating scripts to use -UseBasicParsing, refactoring for untrusted content, and modernizing web interactions.
  • PowerShell 7.x uses secure parsing by default and avoids Internet Explorer dependencies.
  • Legacy parsing should be limited to trusted sources and used sparingly.
AboutLogin