Microsoft issued a security update for Azure users against a critical Remote code execution bug that affects .NET Core at PowerShell Version 7.0 & 7.1, and the bug allows hackers to gain access to your Azure resources remotely.
PowerShell is a scripting language that is built on the .NET Common Language Runtime (CLR) and is developed with the features to run cross-platform includes on Windows, Linux, and macOS.
The Vulnerability can be tracked as CVE-2021-24112 that is affected by the.NET 5.0, .NET Core 3.1, and .NET Core 2.1 also note that Windows PowerShell 5.1 isn’t affected by this issue.
According to a Microsoft report “The vulnerable package is System.Text.Encodings.Web . Upgrading your package and redeploying your app should be sufficient to address this vulnerability.”
Any following .NET 5, .NET Core, or .NET Framework-based application that uses the System.Text.Encodings.Web package with a vulnerable version.
| Package Name | Vulnerable Versions | Secure Versions |
|---|---|---|
| System.Text.Encodings.Web | 4.0.0 – 4.5.0 | 4.5.1 |
| System.Text.Encodings.Web | 4.6.0-4.7.1 | 4.7.2 |
| System.Text.Encodings.Web | 5.0.0 | 5.0.1 |
Since there is no workaround mitigation, Microsoft highly recommended upgrading from PowerShell Version 7.0 to 7.0.6 & Version 7.1 to 7.1.3. You can download the new version of PowerShell here.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
