June 7, 2023

PowerShell provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets running on all major platforms, including Windows, Linux, and macOS combining with structural programming language.

Microsoft warns of a critical .NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in .NET 5 and .NET Core.

The company says no mitigation measures are available to block exploitation of the security flaw tracked as CVE-2021-26701. Urging to install the updated PowerShell  7.0.6 and 7.1.3 versions as soon as possible to protect their systems from potential attacks.

The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability.

While Visual Studio also contains the binaries for .NET, it is not vulnerable to this issue. The update is offered to include the .NET files so that apps built using Visual Studio including .NET functionality will be protected from this security issue.

Microsoft announced it would be making it easier to update PowerShell on Windows 10 and Windows Server by releasing future updates through the Microsoft Update service.

Tags:

Leave a Reply

You may have missed

Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
%d bloggers like this: