Windows PowerShell versions 4.0 (with a patch) and 5.x add advanced logging features that can provide additional detail when malware has been run on a system. Ensuring that Windows PowerShell 2.0 is also not installed mitigates a downgrade attack that evades the advanced logging features of later Windows PowerShell versions.
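The check described above, as an added example that is not part of the original page: it reports whether the 2.0 engine is still installed, whether the logging policies are enabled, and whether any session has already started on the 2.0 engine. The function names are hypothetical. The page does not name the individual logging features, so the registry values read here are an assumption: they are the standard Group Policy locations for script block logging, module logging and transcription.

```powershell
# Added example (not from the original page). Run elevated in Windows PowerShell 5.x.

function Test-PSv2Installed {
    # Server SKUs expose the 2.0 engine as a role feature, client SKUs as an optional feature.
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        return [bool](Get-WindowsFeature -Name PowerShell-V2).Installed
    }
    $feature = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root `
        -ErrorAction SilentlyContinue
    # A missing feature (engine already removed from the image) counts as not installed.
    return [bool]($feature -and $feature.State -eq 'Enabled')
}

function Get-PSLoggingPolicy {
    # Assumption: logging is configured through Group Policy under this key.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
    $policies = [ordered]@{
        ScriptBlockLogging = 'EnableScriptBlockLogging'
        ModuleLogging      = 'EnableModuleLogging'
        Transcription      = 'EnableTranscripting'
    }
    foreach ($key in $policies.Keys) {
        $name  = $policies[$key]
        $entry = Get-ItemProperty -Path "$base\$key" -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{ Policy = $key; Enabled = ($entry.$name -eq 1) }
    }
}

function Get-PSv2EngineStart {
    # Event 400 in the classic log records every engine start, including the engine
    # version, so it still captures sessions that bypassed the newer logging.
    Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; Id = 400 } `
        -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'EngineVersion=2\.' } |
        ForEach-Object {
            $hostApp = if ($_.Message -match 'HostApplication=(.*)') { $Matches[1].Trim() }
            [pscustomobject]@{
                TimeCreated     = $_.TimeCreated
                Computer        = $_.MachineName
                HostApplication = $hostApp
            }
        }
}

[pscustomobject]@{ PSv2Installed = Test-PSv2Installed }
Get-PSLoggingPolicy
Get-PSv2EngineStart | Sort-Object TimeCreated -Descending | Select-Object -First 20
```

Any row returned by `Get-PSv2EngineStart` on a host where no legitimate tooling depends on the 2.0 engine is worth reviewing, because that session ran without the later versions' logging.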

Windows PowerShell 5.0 added advanced logging features which can provide additional detail when malware has been run on a system. Disabling Windows PowerShell 2.0 mitigates against a downgrade attack that evades the Windows PowerShell 4. Kaspersky Lab described a zero-day Windows vulnerability (CVE) that its researchers recently discovered, and how PowerShell was used by the exploit.

A newly reported zero-day vulnerability (CVE) discovered by Kaspersky Lab uses PowerShell to attack Windows systems. CVE was one of two Windows vulnerabilities (the other, CVE, was discovered by Alibaba's security team) that were described by Microsoft as being under active attack.

This Microsoft Support page provides downloads of the Windows Management Framework, which includes WinRM 2.0, Windows PowerShell 2.0, and BITS 4.0. These files are for Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP. Windows PowerShell is an automation platform and scripting language for Windows and Windows Server that allows you to simplify the management of your systems. Windows PowerShell 2.0 and WinRM 2.0 for Windows Server 2008 x64 Edition (KB). Windows PowerShell is a command-line shell and scripting language that is designed for system administration and automation. Built on the Microsoft .NET Framework, Windows PowerShell enables IT professionals and developers to control and automate the administration of Windows and applications.

