Windows Update Triggering "Script Execution Risk"

mg3putt · December 11

Hello, this is more of an informational post that may hit the mainstream users.

I run Windows 11 on my Mac Silicon chip and a security update was installed 2 days ago (Security Update (KB5072033) (26200.7462)). From the Microsoft website this update includes:
[PowerShell 5.1] Invoke-WebRequest now includes a confirmation prompt with a security warning of script execution risk. You can choose to continue or cancel the request. For additional details, see CVE-2025-54100 and KB5074596: PowerShell 5.1: Preventing script execution from web content.

Now when I run UpdatePSData.bat I get the following error.

Security Warning: Script Execution Risk
Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is
parsed.
RECOMMENDED ACTION:
Use the -UseBasicParsing switch to avoid script code execution.

Do you want to continue?

[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): a

I have modified my GetQuotes-Yahoo.ps1 file to include the -UseBasicParsing switch on the Invoke-WebRequest to bypass this user interaction as I have scripted the entire daily update using Power Automate.

Again, this is FYI only and if this PowerShell update makes it way into the mainstream Win11 code this will likely be an issue for many.

Mark

dmorley64 · December 11

I came here to comment on this as well and to hopefully get a little guidance as I am not sure where to add the -useBasicParsing switch.

From my GetQuotes-YaHoo.ps I see "Invoke-Webrequest" twice. Do I add this to both instances and if so, exactly where in the line?

try {
$reqCount++; $wr = Invoke-WebRequest -Uri $url -WebSession $websession;
} catch {
# if attempt to get webpage failed go to next symbol
$reqFailed++; " " + $symbol + " - Not Found (web err) `r`n" | Out-File $logFile -Encoding OEM -Append;
continue;
}
if ($wr.StatusCode -ne 200) {
$reqFailed++; " " + $symbol + " - Returned status code: " + $wr.StatusCode + " `r`n" | Out-File $logFile -Encoding OEM -Append;
continue;
}

# Fetch the JSON data
$jsonData = Invoke-WebRequest -Uri $url | Select-Object -ExpandProperty Content | ConvertFrom-Json

dmorley64 · December 11

So to answer my own question and to leave this here for others that may be looking for guidance. I added -UseBasicParsing to both instances in GetQuotes-YaHoo. I also had to update it in GetQuotes-YahooIntraday and GetExchRates-YahooIntrady. Not sure about other websites/scripts other than YaHoo.

try {
$reqCount++; $wr = Invoke-WebRequest -UseBasicParsing -Uri $url -WebSession $websession;
} catch {
# if attempt to get webpage failed go to next symbol
$reqFailed++; " " + $symbol + " - Not Found (web err) `r`n" | Out-File $logFile -Encoding OEM -Append;
continue;
}
if ($wr.StatusCode -ne 200) {
$reqFailed++; " " + $symbol + " - Returned status code: " + $wr.StatusCode + " `r`n" | Out-File $logFile -Encoding OEM -Append;
continue;
}

# Fetch the JSON data
$jsonData = Invoke-WebRequest -UseBasicParsing -Uri $url | Select-Object -ExpandProperty Content | ConvertFrom-Json

VidasMatelis · December 11

@mg3putt, @dmorley64
Thank you for providing this info for the community.
Here is a link to more information for this change: https://windowsforum.com/threads/powershell-5-1-web-content-parsing-security-prompt-and-usebasicparsing-guide.393090/
It appears that this update required changes in 4 scripts:
GetQuotes-YahooIntraday.ps1
GetExchRates-Stooq.ps1
GetExchRates-YahooIntraday.ps1
GetQuotes-Yahoo.ps1

These scripts are now updated and available for download from "Download" page.

virosoft · December 12

Thanks for the prompt support/fix.

Howdy, Stranger!

Categories

Windows Update Triggering "Script Execution Risk"

Comments

Howdy, Stranger!

Quick Links

Categories

Windows Update Triggering "Script Execution Risk"

Comments