Microsoft Power Automate - Run Python scripts using current Python versions in desktop flows
🚨 The Signal: Power Automate desktop flows can now run Python scripts using current Python versions, expanding automation capabilities beyond legacy IronPython. This introduces new avenues for script execution and potential supply chain risks.
The Impact
Security teams and administrators face an increased risk of malicious script execution and of supply chain attacks through the third-party Python packages such scripts can import.
- Security Teams: Increased attack surface from arbitrary Python script execution.
- Administrators: New vectors for malware delivery and data exfiltration via automation.
- Developers: Greater flexibility but also greater responsibility for secure coding practices.
- Organisations: Potential for unapproved software execution and data breaches.
The Action
- Review and update existing Power Automate desktop flow governance policies to include modern Python script execution.
- Implement Application Control policies (e.g., AppLocker, WDAC) to restrict Python interpreter execution to trusted paths and signed scripts.
- Educate Power Automate developers on secure Python coding practices and supply chain risks.
- Monitor Power Automate desktop flow activity logs for unusual Python script execution patterns.
- Consider implementing a dedicated, secured environment for Power Automate desktop flow development and execution.
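The monitoring item above, worked through as an added example that is not from the advisory or from Microsoft: it triages process-creation telemetry for Python interpreter launches that fall outside an allow-list or run scripts from user-writable locations. It assumes Sysmon Event ID 1 style fields, a single approved interpreter under C:\Program Files\Python312, and PAD.Robot.exe as the desktop flow runner process name; all sample events are constructed.

```python
"""Triage Windows process-creation events for risky Python interpreter launches.

Added example (not from the advisory or Microsoft). Assumed: Sysmon Event ID 1 fields
flattened to 'Key=Value' pairs joined by ' | '; one approved interpreter; PAD.Robot.exe
as the desktop-flow runner process name. All sample events are constructed.
"""
import re
from pathlib import PureWindowsPath

APPROVED_INTERPRETERS = {r"c:\program files\python312\python.exe"}
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\")  # anyone can drop a script here
PAD_RUNNER = "pad.robot.exe"                              # assumed desktop-flow runner

SAMPLE_EVENTS = [  # constructed, not real telemetry
    r'Image=C:\Program Files\Python312\python.exe | ParentImage=C:\Program Files (x86)\Power Automate Desktop\PAD.Robot.exe | CommandLine="C:\Program Files\Python312\python.exe" "C:\Automation\approved\report.py"',
    r'Image=C:\Users\alice\AppData\Local\Programs\Python\Python311\python.exe | ParentImage=C:\Program Files (x86)\Power Automate Desktop\PAD.Robot.exe | CommandLine=python.exe "C:\Users\alice\Downloads\helper.py"',
    r'Image=C:\Program Files\Python312\python.exe | ParentImage=C:\Windows\System32\cmd.exe | CommandLine=python.exe C:\Users\bob\AppData\Local\Temp\t.py',
    r'Image=C:\Windows\System32\notepad.exe | ParentImage=C:\Windows\explorer.exe | CommandLine=notepad.exe',
]

def parse_event(line):
    """Split 'Key=Value | Key=Value' into a dict (values may contain spaces and quotes)."""
    return {k.strip(): v.strip() for k, v in (part.split("=", 1) for part in line.split(" | "))}

def script_path(cmdline):
    """Return the first .py/.pyw argument on the command line, unquoted, or None."""
    m = re.search(r'([^"\s]+\.pyw?)(?=["\s]|$)', cmdline, re.IGNORECASE)
    return m.group(1) if m else None

def assess(event):
    """Return findings for a Python launch; non-Python images and clean launches yield []."""
    image = event["Image"].lower()
    if PureWindowsPath(image).name not in ("python.exe", "pythonw.exe"):
        return []
    findings = []
    if image not in APPROVED_INTERPRETERS:
        findings.append("unapproved interpreter")          # AppLocker/WDAC should block this
    script = script_path(event["CommandLine"])
    if script and any(d in script.lower() for d in USER_WRITABLE):
        findings.append("script in user-writable path")    # unsigned, easily swapped script
    if findings and PureWindowsPath(event["ParentImage"]).name.lower() == PAD_RUNNER:
        findings.append("launched by desktop flow")         # ties the alert to Power Automate
    return findings

def triage(lines):
    """Return [(Image, findings)] for every event that raised at least one finding."""
    events = [parse_event(line) for line in lines]
    return [(e["Image"], f) for e in events if (f := assess(e))]
```

Feed real Sysmon or Security 4688 events through the same three checks and route any event with a finding to the SIEM; the approved-interpreter set should mirror the paths your application control policy allows.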
Domain: Other · Impact: high · Workload: Other · Essential Eight: Application Control, User Application Hardening · ISM: ISM-0843, ISM-1412, ISM-1485, ISM-1486, ISM-1490, ISM-1542, ISM-1544, ISM-1582, ISM-1585, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860, ISM-1870, ISM-1871