CVE-2019-0543 Changes How Windows PowerShell and PowerShell Core 6 WinRM Based Remoting Works

If you’re attempting to do loopback remoting for Windows PowerShell or PowerShell Core 6 after applying January security updates, you may have run into problems.

Per Microsoft…

The breaking change is not in PowerShell but in a system security fix that restricts process creation between Windows sessions. This fix is preventing WinRM (which PowerShell uses as a remoting transport and host) from successfully creating the remote session host, for this particular scenario. There are no plans to update WinRM.


The breaking change only affects local loopback remoting, which is a PowerShell remote connection made back to the same machine, while using non-Administrator credentials.

Details and workaround: Windows Security change affecting PowerShell