WN12-00-000200 - Windows PowerShell must be updated to a version that supports script block logging on Windows 2012/2012 R2.

Information

Later versions of Windows PowerShell provide additional security and advanced logging features that can provide greater detail when malware has been run on a system. PowerShell 5.x includes the advanced logging features. PowerShell 4.0 with the addition of patch KB3000850 on Windows 2012 R2 or KB3119938 on Windows 2012 adds advanced logging features.

PowerShell is updated with the installation of the corresponding version of the Windows Management Framework (WMF).

Updating to a later PowerShell version may have compatibility issues with some applications. The following links should be reviewed and updates tested before applying to a production environment.

WMF 4.0:
Review the System Requirements under the download link - https://www.microsoft.com/en-us/download/details.aspx?id=40855

WMF 5.0:
https://docs.microsoft.com/en-us/powershell/wmf/5.0/productincompat

WMF 5.1:
https://docs.microsoft.com/en-us/powershell/wmf/5.1/productincompat

Solution

Update Windows PowerShell to version 4.0 or 5.x.

Windows 2012 R2 includes PowerShell 4.0 by default. It may be updated with the installation of Windows Management Framework (WMF) 5.0 or 5.1.

Windows 2012 requires the installation of WMF 4.0, 5.0, or 5.1.

Updating to a later PowerShell version may have compatibility issues with some applications. The following links should be reviewed and updates tested before applying to a production environment.

WMF 4.0:
Review the System Requirements under the download link - https://www.microsoft.com/en-us/download/details.aspx?id=40855

WMF 5.0:
https://docs.microsoft.com/en-us/powershell/wmf/5.0/productincompat

WMF 5.1:
https://docs.microsoft.com/en-us/powershell/wmf/5.1/productincompat

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R4_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-226053r794790_rule, STIG-ID|WN12-00-000200, STIG-Legacy|SV-95179, STIG-Legacy|V-80473, Vuln-ID|V-226053

Plugin: Windows

Control ID: 7ffda2ad307219a573719b3a6811a3c8fb9493f683d13d8cd4470d1c05bc38ed