Windows PowerShell 5.1 Invoke-WebRequest script-execution mitigation (CVE-2025-54100)
Advisory/Mitigation
Summary
Hide ▲
Show ▼
Microsoft added a security confirmation prompt to Windows PowerShell 5.1 so Invoke-WebRequest does not silently parse web pages in a way that could run embedded scripts. The change reduces remote code execution risk for automation-heavy Windows 10 and Windows 11 environments linked to CVE-2025-54100. Administrators are told to use -UseBasicParsing or cancel the operation when the warning appears. The mitigation arrives with KB5074204 and also affects scripts that rely on the curl alias.
Related Happenings
Microsoft AutoGen Studio AutoJack MCP WebSocket command execution security flaw
Vulnerability
H score33
First: 22.06.2026 20:28
Last: 22.06.2026 20:28
Sources 1
About this happening:
Microsoft’s **AutoJack** chain exposed **AutoGen Studio** to **arbitrary command execution** for developers building from the main GitHub branch before the hardening commit.
Microsoft AutoGen Studio AutoJack MCP WebSocket command execution security flaw
VulnerabilityAbout this happening: Microsoft’s **AutoJack** chain exposed **AutoGen Studio** to **arbitrary command execution** for developers building from the main GitHub branch before the hardening commit.
Windows cldflt.sys privilege escalation (CVE-2020-17103)
Vulnerability
H score28
First: 18.05.2026 01:30
Last: 18.05.2026 01:30
Sources 1
About this happening:
A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...
Windows cldflt.sys privilege escalation (CVE-2020-17103)
VulnerabilityAbout this happening: A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...
Windows DNS heap-based buffer overflow remote code execution flaw (CVE-2026-41096)
Vulnerability
H score41
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft patched **CVE-2026-41096**, a **heap-based buffer overflow** in **Windows DNS** that could let an unauthorized attacker execute code remotely on vulnerable Windows syste...
Windows DNS heap-based buffer overflow remote code execution flaw (CVE-2026-41096)
VulnerabilityAbout this happening: Microsoft patched **CVE-2026-41096**, a **heap-based buffer overflow** in **Windows DNS** that could let an unauthorized attacker execute code remotely on vulnerable Windows syste...
Microsoft SaRA deprecation and Get Help replacement for Windows admin diagnostics
Security Tool/Service
H score14
First: 06.04.2026 20:45
Last: 06.04.2026 20:45
Sources 1
About this happening:
Microsoft removed **SaRA**, a scriptable Windows support utility, from **in-support Windows updates** starting **March 10**, changing the troubleshooting toolset available to admi...
Microsoft SaRA deprecation and Get Help replacement for Windows admin diagnostics
Security Tool/ServiceAbout this happening: Microsoft removed **SaRA**, a scriptable Windows support utility, from **in-support Windows updates** starting **March 10**, changing the troubleshooting toolset available to admi...
ClickFix Windows Terminal Lumma Stealer campaign
Campaign
H score35
First: 06.03.2026 08:44
Last: 06.03.2026 08:44
Sources 1
About this happening:
A **widespread ClickFix** campaign is abusing **Windows Terminal (wt.exe)** to run malicious commands and deploy **Lumma Stealer**, expanding the risk of credential theft and brow...
ClickFix Windows Terminal Lumma Stealer campaign
CampaignAbout this happening: A **widespread ClickFix** campaign is abusing **Windows Terminal (wt.exe)** to run malicious commands and deploy **Lumma Stealer**, expanding the risk of credential theft and brow...
Timeline
-
09.12.2025 22:45 2 articles · 7mo ago
Microsoft adds Invoke-WebRequest script-execution warning
Mitigation Patch UpdateMicrosoft added a security confirmation prompt to Windows PowerShell 5.1 for Invoke-WebRequest web-content downloads so scripts embedded in parsed pages could not run silently, and it advises administrators in enterprise and IT-managed environments using PowerShell automation to use -UseBasicParsing or cancel the operation. The warning, tied to CVE-2025-54100 and the KB5074204 update, also applies when scripts invoke the curl alias, while most existing commands that only download content or read response data should continue to work with little or no modification.
Show sources
- Windows PowerShell now warns when running Invoke-WebRequest scripts — www.bleepingcomputer.com — 09.12.2025 22:45
- Windows PowerShell now warns when running Invoke-WebRequest scripts — www.bleepingcomputer.com — 09.12.2025 22:45