Microsoft asks admins to patch PowerShell to fix WDAC bypass


Level 37
Thread author
Top poster
Feb 4, 2016
Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials.

PowerShell is a cross-platform solution that provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.
Redmond released PowerShell 7.0.8 and PowerShell 7.1.5 to address these security flaws in the PowerShell 7 and PowerShell 7.1 branches in September and October.

How to tell if you are affected​

The CVE-2020-0951 vulnerability affects both PowerShell 7 and PowerShell 7.1 versions, while CVE-2021-41355 only impacts users of PowerShell 7.1.
To check the PowerShell version you are running and determine if you are vulnerable to attacks exploiting these two bugs, you can execute the pwsh -v command from a Command Prompt.

Microsoft says no mitigation measures are currently available to block the exploitation of these security flaws.
Admins are advised to install the updated PowerShell 7.0.8 and 7.1.5 versions as soon as possible to protect systems from potential attacks.


Level 4
Jan 27, 2012
Doesn't work.


  • pwsh-1.jpg
    83.9 KB · Views: 76
  • Like
Reactions: DDE_Server and Nevi

ForgottenSeer 92963

The MSI version for home users can be downloaded and installed from here:

This should patch the flaw in the affected PS version on Windows 11. Users are advised to install it ASAP.
I sill have 5.1 on Windows 11, so I would rather advise to check which version is installed first (see post #3).

According the info @notyonachos posted, home users don't need V7, also V5 and V7 keep existing side by side. So when home users have "upgraded" to V7, I would strongly advise to de-install this V7 powershell attack surface "upgrade".
Last edited by a moderator: