Microsoft is urging users to install the updated versions of PowerShell 7 without delay to protect against a remote code execution (RCE) vulnerability in .NET.
PowerShell is a configuration management framework that provides a command-line shell and a scripting language for task automation. It is powered by .NET, which uses a text encoding package that has recently been patched against an RCE vulnerability.
“If you manage your Azure resources from PowerShell version 7.0 or 7.1, we’ve released new versions of PowerShell to address a .NET Core remote code execution vulnerability in versions 7.0 and 7.1. We recommend that you install the updated versions as soon as possible,” read an update posted on Microsoft Azure’s website.
Critical vulnerability
With a score of 9.8, the .NET vulnerability has been identified as a critical vulnerability and was patched in April.
The vulnerability, tracked as CVE-2021-26701, was found in the System.Text.Encodings.Web package and impacts .NET 5.0, .NET Core 3.1, and .NET Core 2.1.
In order to avoid falling prey to the vulnerability, Microsoft is urging users to upgrade from PowerShell v7.0 to 7.0.6. Similarly, users of PowerShell v7.1 should switch to v7.1.3.
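As an added example (not from Microsoft or the original article), the following PowerShell function classifies version strings against the two fixed builds named above. The function name `Get-PwshPatchStatus`, the status labels and the sample inventory are constructed for illustration.

```powershell
# Fixed builds as stated in the article: 7.0.6 for the 7.0 branch, 7.1.3 for the 7.1 branch.
$FixedBuilds = @{
    '7.0' = [version]'7.0.6'
    '7.1' = [version]'7.1.3'
}

function Get-PwshPatchStatus {
    # Hypothetical helper: maps a PowerShell version string to a patch status.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$VersionString
    )
    process {
        # Accept "7.1.2", "v7.1.2", "7.1.0-preview.3" or "5.1.19041.1".
        if ($VersionString -notmatch '^\s*v?(\d+)\.(\d+)\.(\d+)(-\S+)?') {
            return [pscustomobject]@{ Version = $VersionString; Status = 'Unparseable'; FixedIn = $null }
        }
        $v = [version]::new([int]$Matches[1], [int]$Matches[2], [int]$Matches[3])
        $isPrerelease = [bool]$Matches[4]
        $fixed = $FixedBuilds['{0}.{1}' -f $v.Major, $v.Minor]

        $status = if ($null -eq $fixed) {
            'NotCovered'        # the article names no fixed build for this branch
        } elseif ($v -lt $fixed) {
            'UpdateRequired'
        } elseif ($v -eq $fixed -and $isPrerelease) {
            'UpdateRequired'    # conservative assumption: a prerelease sorts before its release
        } else {
            'Patched'
        }
        [pscustomobject]@{ Version = $VersionString; Status = $status; FixedIn = $fixed }
    }
}

# Check the session this script runs in.
$PSVersionTable.PSVersion.ToString() | Get-PwshPatchStatus

# Constructed inventory of version strings, e.g. as collected from managed hosts.
'7.0.3', '7.0.6', '7.1.2', '7.1.3', '7.1.0-preview.3', '5.1.19041.1' |
    Get-PwshPatchStatus |
    Format-Table -AutoSize
```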
Beyond PowerShell, Microsoft's initial advisory also provides guidance to developers to remove this vulnerability from their .NET-powered apps.
"The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability," explained Microsoft.
Via Bleeping Computer