Microsoft, Google, Apple, Windows, Android, iOS, Internet, Cyber Security, Hacking, Malware, Smartphone, Mobile App


Microsoft warns users to update PowerShell ‘as soon as possible’

Microsoft is urging users to install the updated versions of PowerShell 7 without delay to protect against a remote code execution (RCE) vulnerability in .NET.

PowerShell is a configuration management framework that provides a command-line shell, and a scripting language for task automation. It is powered by .NET, which uses a text encoding package that has recently been patched against a RCE vulnerability.

“If you manage your Azure resources from PowerShell version 7.0 or 7.1, we’ve released new versions of PowerShell to address a .NET Core remote code execution vulnerability in versions 7.0 and 7.1. We recommend that you install the updated versions as soon as possible,” read an update posted on Microsoft Azure’s website.

Critical vulnerability

With a score of 9.8, the .NET vulnerability has been identified as a critical vulnerability and was patched in April.

In order to avoid falling prey to the vulnerability, Microsoft is urging users to upgrade from PowerShell v7.0 to 7.0.6. Similarly, users of PowerShell v7.1 should switch to v7.1.3.

Beyond PowerShell, Microsoft’s initial advisory also provides guidance to developers to remove this vulnerability from their .NET-powered apps.

“The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability,” explained Microsoft.


Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy