Microsoft issued a security update for Azure users against a critical Remote code execution bug that affects .NET Core at PowerShell Version 7.0 & 7.1, and the bug allows hackers to gain access to your Azure resources remotely.
PowerShell is a scripting language that is built on the .NET Common Language Runtime (CLR) and is developed with the features to run cross-platform includes on Windows, Linux, and macOS.
The Vulnerability can be tracked as CVE-2021-24112 that is affected by the.NET 5.0, .NET Core 3.1, and .NET Core 2.1 also note that Windows PowerShell 5.1 isn’t affected by this issue.
According to a Microsoft report “The vulnerable package is
System.Text.Encodings.Web . Upgrading your package and redeploying your app should be sufficient to address this vulnerability.”
Any following .NET 5, .NET Core, or .NET Framework-based application that uses the System.Text.Encodings.Web package with a vulnerable version.
|Package Name||Vulnerable Versions||Secure Versions|
|System.Text.Encodings.Web||4.0.0 – 4.5.0||4.5.1|
Since there is no workaround mitigation, Microsoft highly recommended upgrading from PowerShell Version 7.0 to 7.0.6 & Version 7.1 to 7.1.3. You can download the new version of PowerShell here.