diff --git a/include/boost/process/v2/windows/default_launcher.hpp b/include/boost/process/v2/windows/default_launcher.hpp
index 52d863a25..b61477430 100644
--- a/include/boost/process/v2/windows/default_launcher.hpp
+++ b/include/boost/process/v2/windows/default_launcher.hpp
@@ -225,6 +225,9 @@ struct default_launcher
                               INVALID_HANDLE_VALUE,
                               INVALID_HANDLE_VALUE},
                               nullptr};
+  /// Allow batch files to be executed, which might pose a security threat.
+  bool allow_batch_files = false;
+                              
   /// The process_information that gets assigned after a call to CreateProcess
   PROCESS_INFORMATION process_information{nullptr, nullptr, 0,0};
 
@@ -293,6 +296,12 @@ struct default_launcher
                   Args && args,
                   Inits && ... inits ) -> enable_init<Executor, Inits...>
   {
+    if (!allow_batch_files && ((executable.extension() == ".bat") || (executable.extension() == ".cmd")))
+    {
+       BOOST_PROCESS_V2_ASSIGN_EC(ec, ERROR_ACCESS_DENIED, system_category());
+       return basic_process<Executor>(exec);
+    }
+  
     auto command_line = this->build_command_line(executable, std::forward<Args>(args));
 
     ec = detail::on_setup(*this, executable, command_line, inits...);
@@ -438,4 +447,4 @@ BOOST_PROCESS_V2_END_NAMESPACE
 
 
 
-#endif //BOOST_PROCESS_V2_WINDOWS_DEFAULT_LAUNCHER_HPP
\ No newline at end of file
+#endif //BOOST_PROCESS_V2_WINDOWS_DEFAULT_LAUNCHER_HPP