Update PowerShell 7.0 & 7.1 To Protect Your Azure Resources From Hackers Against .NET Core RCE Bug

Microsoft issued a security update for Azure users against a critical Remote code execution bug that affects .NET Core at PowerShell Version 7.0 & 7.1, and the bug allows hackers to gain access to your Azure resources remotely.

PowerShell is a scripting language that is built on the .NET Common Language Runtime (CLR) and is developed with the features to run cross-platform includes on Windows, Linux, and macOS.

The Vulnerability can be tracked as CVE-2021-24112 that is affected by the.NET 5.0, .NET Core 3.1, and .NET Core 2.1 also note that Windows PowerShell 5.1 isn’t affected by this issue.

According to a Microsoft report “The vulnerable package is System.Text.Encodings.Web . Upgrading your package and redeploying your app should be sufficient to address this vulnerability.”

Any following .NET 5, .NET Core, or .NET Framework-based application that uses the System.Text.Encodings.Web package with a vulnerable version.

Package NameVulnerable VersionsSecure Versions
System.Text.Encodings.Web4.0.0 – 4.5.04.5.1
System.Text.Encodings.Web4.6.0-4.7.14.7.2
System.Text.Encodings.Web5.0.05.0.1

Since there is no workaround mitigation, Microsoft highly recommended upgrading from PowerShell Version 7.0 to 7.0.6 & Version 7.1 to 7.1.3. You can download the new version of PowerShell here.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Spyroid RAT Attacking Android Users to Steal Confidential Data

A new type of Remote Access Trojan (RAT) named Spyroid has been identified. This malicious software is specifically designed to…

24 mins ago

Researchers Uncover that UK.GOV Websites Sending Data to Chinese Ad Vendor Analysts

Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites sending user data to a controversial…

2 hours ago

Ransomware Victims Who Opt To Pay Ransom Hits Record Low

Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members aiming to undermine affiliate confidence. In…

5 hours ago

IBM Nearing Talks to Acquire Cloud-software Provider HashiCorp

IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure software market player. This potential acquisition…

5 hours ago

Rewards Up to $10 Million for Information on Iranian Hackers

The United States Justice Department has announced big rewards for information leading to the capture of four Iranian nationals. These…

6 hours ago

PoC Exploit Released For Critical Oracle VirtualBox Vulnerability

Oracle Virtualbox was identified and reported as having a critical vulnerability associated with Privilege Escalation and Arbitrary File Move/Delete. This…

1 day ago