Microsoft announced this past week that Windows 11 24H2 is now ready to roll out to everyone and can be downloaded by all. That is despite the several flaws the latest feature update has. For example, there are major upgrade-related bugs, widespread performance complaints, and potential data loss worries associated with it.
On top of that, as pointed out by Neowin reader dustojnikhummer, there are also problems that have seemingly remained undocumented for months, and AppLocker WDAC (Windows Defender Application Control) enforcement for scripts appears to be one of them.
Back in 2023, Microsoft had made AppLocker deployment easier, but it looks like the company did not quite test it all that well for 2024-2025.
For those wondering what it is, AppLocker application control policies help enterprises manage the applications and files that users can run on their systems. These include EXE files, scripts, Windows Installer files, DLL files, packaged apps, and packaged app installers.
The issue appears to have been first noticed by a user, CFou, on the Stack Exchange forum. They noticed that ConstrainedLanguage mode enforcement would not work, as the PowerShell session would end up using FullLanguage. Another user commented later in the thread suggesting that the issue was related to Windows 11 24H2, as they could reproduce it on the latest version of Windows.
The issue was later picked up by Reddit user hornetfig on the sysadmin subreddit. Others in the thread said that they could reproduce the issue too on Windows 11 24H2. This is a big security concern as it allows every script, including malicious ones, to run unrestricted.
Microsoft MVP Roody Ooms investigated the issue to understand what was happening differently on 24H2 to change this behaviour. He discovered that the problem was likely being caused by an imperfect implementation of a new WldpCanExecuteFile API that was added with PowerShell 7.3. Earlier PowerShell releases instead used the legacy WldpGetLockdownPolicy API for detecting system lockdowns.
Microsoft seems to be aware of this issue and is finally making changes. PowerShell 7.6-preview.4 contains the following fix as part of the Engine Enhancements:
Fallback to AppLocker after WldpCanExecuteFile (#24912)
You can find more technical details about the bug in Roody Ooms' blog post here.
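To check whether a machine shows the symptom described above, the following added example (not code from the article, Microsoft, or the blog post) compares the effective AppLocker script-rule enforcement with the language mode the session reports. The function name Test-ScriptEnforcement and the sample policy are constructed for illustration; the check assumes that a user subject to enforced script rules should land in ConstrainedLanguage, and it does not inspect WDAC policies.

```powershell
# Added example (not from the article). Compares the effective AppLocker
# script-rule enforcement with the language mode a PowerShell session reports.
function Test-ScriptEnforcement {
    param(
        # Effective AppLocker policy as XML; defaults to the live policy.
        [string]$PolicyXml = (Get-AppLockerPolicy -Effective -Xml),
        # Language mode to evaluate; defaults to the current session.
        [string]$LanguageMode = $ExecutionContext.SessionState.LanguageMode
    )

    $policy = [xml]$PolicyXml
    $scriptRules = $policy.AppLockerPolicy.RuleCollection |
        Where-Object { $_.Type -eq 'Script' }
    $enforcement = if ($scriptRules) { $scriptRules.EnforcementMode } else { 'NotConfigured' }

    # Only an Enabled Script collection is expected to constrain the session;
    # AuditOnly and NotConfigured legitimately leave it in FullLanguage.
    $verdict = if ($enforcement -ne 'Enabled') {
        'NotEnforced'
    } elseif ($LanguageMode -eq 'ConstrainedLanguage') {
        'Constrained'
    } else {
        'Mismatch'   # enforced script rules, but the session is not constrained
    }

    [pscustomobject]@{
        PSVersion         = "$($PSVersionTable.PSVersion)"
        ScriptEnforcement = $enforcement
        LanguageMode      = $LanguageMode
        Verdict           = $verdict
    }
}

# Constructed sample policy (not a real export): script rules enforced.
$samplePolicy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Script" EnforcementMode="Enabled" />
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly" />
</AppLockerPolicy>
'@

# Offline check of the logic with constructed input; Verdict is 'Mismatch'.
Test-ScriptEnforcement -PolicyXml $samplePolicy -LanguageMode 'FullLanguage'

# Live check against this machine's effective policy and this session:
# Test-ScriptEnforcement
```

Run the live check from a non-elevated session of a user the script rules apply to, since a user the policy allows to run any script is expected to stay in FullLanguage.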