PT-2020-4389 · Microsoft · PowerShellGet

Published: 2020-10-13 · Updated: 2023-12-31 · CVE-2020-16886

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: PowerShellGet V2 module (affected versions not specified)
Description: The issue is related to security mechanism shortcomings in the PowerShellGet module of the Windows operating system. It allows an attacker to bypass Windows Defender Application Control (WDAC) policy and execute arbitrary code. To exploit this, an attacker must have administrator privileges to install the PowerShellGet V2 module from the PowerShell Gallery and configure the WDAC policy to allow the module to run. This enables the injection and execution of PowerShell scripts with full trust, leading to arbitrary code execution on the machine.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2020-04902
CVE-2020-16886

Affected Products

PowerShellGet
Windows
Windows Defender Application Control