PowerShell 7.0 & 7.1

Microsoft issued a security update for Azure users against a critical Remote code execution bug that affects .NET Core at PowerShell Version 7.0 & 7.1, and the bug allows hackers to gain access to your Azure resources remotely.

PowerShell is a scripting language that is built on the .NET Common Language Runtime (CLR) and is developed with the features to run cross-platform includes on Windows, Linux, and macOS.

The Vulnerability can be tracked as CVE-2021-24112 that is affected by the.NET 5.0, .NET Core 3.1, and .NET Core 2.1 also note that Windows PowerShell 5.1 isn’t affected by this issue.

According to a Microsoft report “The vulnerable package is System.Text.Encodings.Web . Upgrading your package and redeploying your app should be sufficient to address this vulnerability.”

Any following .NET 5, .NET Core, or .NET Framework-based application that uses the System.Text.Encodings.Web package with a vulnerable version.

Package NameVulnerable VersionsSecure Versions
System.Text.Encodings.Web4.0.0 – 4.5.04.5.1
System.Text.Encodings.Web4.6.0-4.7.14.7.2
System.Text.Encodings.Web5.0.05.0.1

Since there is no workaround mitigation, Microsoft highly recommended upgrading from PowerShell Version 7.0 to 7.0.6 & Version 7.1 to 7.1.3. You can download the new version of PowerShell here.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Leave a Reply