An MCP Tool to Modify Active Directory with Claude or CoPilot
PowerShell Summit 2025 Has Begun! Sadly, I am not there though… that said, there are a lot of good speakers, and I’m sure some of their presentations may find their way to the PowerShell.org channel. Here is the 2024 Summit playlist for your enjoyment:
Jeff Hicks Returns to the PowerShell Podcast - Jeff talks with Andrew about his latest projects and takes on PowerShell scripting in general.
An Active Directory MCP Server to Make Changes with Claude or CoPilot - Microsoft MVP and Lazy Admin, Ruud, has put together a truly impressive tool to manage Active Directory. https://lazyadmin.nl/koppla/
Harm Veenstra demonstrates how to launch Start Menu apps with PowerShell. https://powershellisfun.com/2025/03/21/launching-start-menu-apps-using-powershell/
In Other News…
(Incidentally mostly from Bleeping Computer)
Microsoft delays WSUS driver sync deprecation indefinitely – Microsoft backed off a planned April 18 removal of Windows Server Update Services (WSUS) driver distribution, citing IT admin feedback. This means organizations can continue using WSUS for driver updates for now, giving admins more time before any required move to cloud-based update services.
https://www.bleepingcomputer.com/news/microsoft/microsoft-delays-wsus-driver-sync-deprecation-indefinitely/
Microsoft adds hotpatching support to Windows 11 Enterprise – Microsoft announced that hotpatch updates (which install security fixes without rebooting) are now available for Windows 11 Enterprise 24H2. Business PCs meeting the requirements (e.g. with E3/E5 licenses and Intune-managed) can apply most monthly security patches in the background with no downtime, reducing disruptions in enterprise environments.
https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-hotpatching-support-to-windows-11-enterprise/
Malicious VSCode extensions infect Windows with cryptominers – Security researchers found nine Visual Studio Code extensions on Microsoft’s VSCode Marketplace that covertly install cryptomining malware. Once installed, the fake extensions run a PowerShell script to disable defenses, persist via scheduled tasks, and deploy an XMRig miner. IT teams should audit and remove these rogue extensions (which had 300K+ installs) to protect developer workstations.
https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-infect-windows-with-cryptominers/
Microsoft warns of tax-themed phishing using PDFs/QR codes – Microsoft is alerting organizations to active phishing campaigns that use tax season lures and novel tricks to evade detection. Attackers send emails with PDF attachments or QR codes that ultimately lead victims to malicious sites (via URL shorteners and legit services) to steal Microsoft 365 credentials or deliver malware (like Remcos RAT and other tools). Admins are urged to educate users and strengthen email defenses as these attacks ramp up.
https://thehackernews.com/2025/04/microsoft-warns-of-tax-themed-email.html
WinRAR flaw bypasses Windows Mark of the Web security alerts – A newly disclosed vulnerability in the popular WinRAR archiver (CVE-2025-31334) allows attackers to bypass Windows “Mark of the Web” protections. By hiding a malicious executable behind a specially crafted archive symlink, an attacker could run code on a PC without the usual security warning. Enterprise security teams should update WinRAR to the fixed version 7.11 to mitigate this risk on any systems where it’s installed.
https://www.bleepingcomputer.com/news/security/winrar-flaw-bypasses-windows-mark-of-the-web-security-alerts/