Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw

Cyber Security

Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core.

The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and have been remediated in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 isn’t impacted by the flaw.

Built on the .NET Common Language Runtime (CLR), PowerShell is a cross-platform task automation utility that consists of a command-line shell, a scripting language, and a configuration management framework.

Stack Overflow Teams

“A remote code execution vulnerability exists in .NET 5 and .NET Core due to how text encoding is performed,” the company noted in an advisory published earlier this April, adding that the problem resides in the “System.Text.Encodings.Web” package, which provides types for encoding and escaping strings for use in JavaScript, HTML, and URLs.

  • System.Text.Encodings.Web (version 4.0.0 – 4.5.0) – Fixed in version 4.5.1
  • System.Text.Encodings.Web (version 4.6.0 – 4.7.1) – Fixed in version 4.7.2
  • System.Text.Encodings.Web (version 5.0.0) – Fixed in version 5.0.1

CVE-2021-26701 was originally addressed by Microsoft as part of its Patch Tuesday update for February 2021. Given that there are no workarounds that mitigate the vulnerability, it’s highly recommended to update to the latest versions.

Articles You May Like

Samsung Black Friday Sale Begins November 24, Discounts on Galaxy S22, Galaxy Z Fold 4, Galaxy Z Flip, More
U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk
iPhone Factory Workers’ Protest: Over 20,000 New Hires Said to Leave Foxconn’s Zhengzhou Plant
Black Friday Sale India, Cyber Monday 2022: Best Deals on Electronics, Games, More
Nothing Phone 1 Gets New Update With November 2022 Security Patch, AirPods Battery Percentage Display, More