I had an interesting conversation with one of our security folks yesterday about PowerShell vulnerabilities. He has read several things in the news lately, for example: [url]http://www.securityweek.com/windows-powershell-increasingly-abused-attackers[/url]

He inquired if we can remove PowerShell from our environments. Hmmmmm... We standardized on PowerShell for all of our scripts (i.e., database backup, database maintenance, database health checks, etc.) several years ago. So, that would be a complete re-write for us. And, who knows what we would use to replace PowerShell? cmd.exe does not appear to be particularly secure.

A coworker found the following link [url]http://msdn.microsoft.com/en-us/library/ms143506.aspx[/url], which states:

[quote]SQL Server 2014 does not install or enable Windows PowerShell 2.0; however Windows PowerShell 2.0 is an installation prerequisite for Database Engine components and SQL Server Management Studio. If Setup reports that Windows PowerShell 2.0 is not present, you can install or enable it by following the instructions on the Windows Management Framework page.[/quote]

Can anyone share their experiences about PowerShell vulnerabilities and how they address them?

See also old SQL Server Central discussion at [url]http://www.sqlservercentral.com/Forums/Topic941730-1351-1.aspx[/url]