Summary
After you apply the April 2017 security updates described in Microsoft security update guidance CVE-2017-0160, the PowerShell v3.0+ stop-computer command fails. Additionally, if applications use power management methods, such as shutdown or reboot, from the Win32_OperatingSystem class and set the EnablePrivileges attribute to true, they may observe the same failure. A "Privilege not held" error message is returned.
More information
Symptoms for Issue 1
Customers who try to turn off or restart a system, either local or remote, by using the stop-computer command on PowerShell v3.0 and later, will see the following error:
stop-computer : Privilege not held.
At line:1 char:1
+ stop-computer
+ ~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (<COMPUTERNAME>:String) [Stop-Computer], ManagementE
+ FullyQualifiedErrorId : StopComputerException,Microsoft.PowerShell.Commands.StopComputerCommand
Workaround for Issue 1
To work around this issue, run the following “shutdown.exe” command to execute power-down and restart operations on local or remote systems:
shutdown.exe [-r] [-s] [-m \\computer]
For more information and command help, run:
shutdown.exe -?
Symptoms for Issue 2
Customer applications using power management methods, such as shutdown or reboot, from the Win32_OperatingSystem class and set the EnablePrivileges attribute to true, may observe the same “Privilege not held” error.
-
Example 1 (PowerShell) returns “Privilege not held” error:
$computername= "." $win32OS = get-wmiobject win32_operatingsystem -computername $computername $win32OS.psbase.Scope.Options.EnablePrivileges = $true $win32OS.reboot()-
Example 2 (C# code) returns “Privilege not held” error:
[STAThread] static void Main(string[] args) { ManagementClass mgmtObject = new ManagementClass("Win32_OperatingSystem"); foreach (ManagementObject iterMgmtObject in mgmtObject.GetInstances()) { iterMgmtObject.Scope.Options.EnablePrivileges = true; iterMgmtObject.InvokeMethod("Reboot", null, null); } }
-
Workaround for Issue 2
-
For Example 1 (PowerShell):
$computername= "." $win32OS = get-wmiobject win32_operatingsystem -computername $computername -EnableAllPrivileges $win32OS.reboot() -
For Example 2 (C# code):
using System; using System.Collections.Generic; using System.Linq; using System.Management; using System.Text; using System.Threading.Tasks; namespace ConsoleApplication { public class Program { static void Main(string[] args) { var mgmtScope = new ManagementScope( ManagementPath.DefaultPath, new ConnectionOptions() { EnablePrivileges = true }); var mgmtClass = new ManagementClass(mgmtScope, new ManagementPath("Win32_OperatingSystem"), null); foreach (ManagementObject mgmtInst in mgmtClass.GetInstances()) { var mgmtCallResult = mgmtInst.InvokeMethod("Reboot", null, null); Console.Out.WriteLine("Reboot() Return Value: {0}", mgmtCallResult["ReturnValue"]); } } } }
Resolution
Resolution for Issue 1
To resolve this problem, install the update in the table below according to your system.
Operating System |
Update |
Windows Server 2008 |
For the .NET Framework 2.0, install update 4020511 For the .NET Framework 4.5.2, install update 4020507 For the .NET Framework 4.6, install update 4020503 |
Windows 7 and Windows Server 2008 R2 |
For the .NET Framework 3.5.1, install update 4020513 For the .NET Framework 4.5.2, install update 4020507 For the .NET Framework 4.6 or 4.6.1, install update 4020503 For the .NET Framework 4.6.2, install update 4020500 |
Windows Server 2012 |
For the .NET Framework 3.5, install update 4020512 For the .NET Framework 4.5.2, install update 4020506 For the .NET Framework 4.6 or 4.6.1, install update 4020501 For the .NET Framework 4.6.2, install update 4020498 |
Windows 8.1 and Windows Server 2012 R2 |
For the .NET Framework 3.5, install update 4020514 For the .NET Framework 4.5.2, install update 4020505 For the .NET Framework 4.6 or 4.6.1, install update 4020502 For the .NET Framework 4.6.2, install update 4020499 |
Windows 10 RTM |
Install update 4019474 |
Windows 10 version 1511 |
Install update 4019473 |
Windows 10 version 1607, and Windows Server 2016 |
Install update 4019472 |
Windows 10 version 1703 |
Install update 4016871 |
Resolution for Issue 2
To resolve this problem, install the update in the table below according to your system.
Product Version |
Preview of Quality Rollup KB |
---|---|
Windows 10 Update 1703 (RS2) Windows Server 2016 |
|
.NET Framework 3.5 |
|
.NET Framework 4.7 |
|
Windows 10 Update 1607 Windows Server 2016 |
|
.NET Framework 3.5 |
Catalog 4034661 |
.NET Framework 4.6.2 and 4.7 |
Catalog 4034658 |
Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 |
|
.NET Framework 3.5 |
|
.NET Framework 4.5.2 |
|
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7 |
|
Windows Server 2012 |
|
.NET Framework 3.5 |
|
.NET Framework 4.5.2 |
|
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7 |
|
Windows 7 Windows Server 2008 R2 |
|
.NET Framework 3.5.1 |
|
.NET Framework 4.5.2 |
|
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7 |
|
Windows Server 2008 |
|
.NET Framework 2.0 |
|
.NET Framework 4.5.2 |
|
.NET Framework 4.6 |
Applies to
This article applies to the following products, as described in the Affected Products section of CVE-2017-0160:
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on all supported versions of Windows running PowerShell 3.0 and later versions.