Windows PowerShell now issues a warning when running scripts using the Invoke-WebRequest cmdlet, a change designed to prevent potentially risky code execution. This update specifically targets scripts that download web content and helps mitigate remote code execution vulnerabilities in enterprise environments. The new security feature was added to Windows PowerShell 5.1, available on Windows 10 and Windows 11, bringing it in line with the secure web parsing of PowerShell 7.
Security Prompt Enhancements
Users will see a prompt when attempting to download web content using the Invoke-WebRequest cmdlet. This prompt warns about the risk that scripts on downloaded webpages could execute. To ensure safer processing, PowerShell recommends rerunning commands with the -UseBasicParsing parameter. This choice eliminates embedded scripts, preventing unintended executions. If users proceed, PowerShell will employ full HTML parsing, executing any script content found on the page.
Microsoft suggests that after installing update KB5074204, administrators should adapt their scripts to use -UseBasicParsing by default. This will avoid the manual security prompt and enhance overall script security. The update affects scripts using the curl alias, which maps to Invoke-WebRequest, thus triggering the same warning.
User and Admin Impact
The update places emphasis on user diligence, encouraging safe web parsing practices. Scripts merely downloading content or interpreting response bodies in JSON or text are generally unaffected. Administrators are encouraged to update existing scripts to bypass the new prompts, streamlining operations. By using -UseBasicParsing, users can maintain secure and reliable script execution without manual intervention.
Overall, this shift in PowerShell's handling of web content marks a modest but significant advance in script execution safety for business and tech environments.
