Wednesday, April 24, 2024

Update PowerShell 7.0 & 7.1 To Protect Your Azure Resources From Hackers Against .NET Core RCE Bug

Microsoft issued a security update for Azure users against a critical Remote code execution bug that affects .NET Core at PowerShell Version 7.0 & 7.1, and the bug allows hackers to gain access to your Azure resources remotely.

PowerShell is a scripting language that is built on the .NET Common Language Runtime (CLR) and is developed with the features to run cross-platform includes on Windows, Linux, and macOS.

The Vulnerability can be tracked as CVE-2021-24112 that is affected by the.NET 5.0, .NET Core 3.1, and .NET Core 2.1 also note that Windows PowerShell 5.1 isn’t affected by this issue.

According to a Microsoft report “The vulnerable package is System.Text.Encodings.Web . Upgrading your package and redeploying your app should be sufficient to address this vulnerability.”

Any following .NET 5, .NET Core, or .NET Framework-based application that uses the System.Text.Encodings.Web package with a vulnerable version.

Package NameVulnerable VersionsSecure Versions
System.Text.Encodings.Web4.0.0 – 4.5.04.5.1
System.Text.Encodings.Web4.6.0-4.7.14.7.2
System.Text.Encodings.Web5.0.05.0.1

Since there is no workaround mitigation, Microsoft highly recommended upgrading from PowerShell Version 7.0 to 7.0.6 & Version 7.1 to 7.1.3. You can download the new version of PowerShell here.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

Researchers Uncover that UK.GOV Websites Sending Data to Chinese Ad Vendor Analysts

Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites...

Ransomware Victims Who Opt To Pay Ransom Hits Record Low

Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members...

IBM Nearing Talks to Acquire Cloud-software Provider HashiCorp

IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure...

Rewards Up to $10 Million for Information on Iranian Hackers

The United States Justice Department has announced big rewards for information leading to the...

PoC Exploit Released For Critical Oracle VirtualBox Vulnerability

Oracle Virtualbox was identified and reported as having a critical vulnerability associated with Privilege...

Tracing the Steps of Cyber Intruders: The Path of Lateral Movement

When cyber attacks strike, it's rarely a single computer that suffers. Nowadays, cybercriminals set...

U.S. to Impose Visa Restrictions on 13 Individuals Involved in Commercial Spyware Operations

To combat the misuse of commercial spyware, the United States Department of State has...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles