June 7, 2023

PowerShell is an automation tool that combines a command-line shell, a framework for processing PowerShell cmdlets, and a structured scripting language. It runs on all major platforms, including Windows, Linux, and macOS.

Microsoft warns of a critical .NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in .NET 5 and .NET Core.

The company says no mitigation measures are available to block exploitation of the security flaw, tracked as CVE-2021-26701, and urges users to install the updated PowerShell 7.0.6 and 7.1.3 versions as soon as possible to protect their systems from potential attacks.

The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability.
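To check a host against the fixed releases named above, the following added example (not code from Microsoft or from the original post) compares a PowerShell version with 7.0.6 and 7.1.3 and lists the copies of System.Text.Encodings.Web.dll under a directory. The function names `Test-PwshPatchLevel` and `Get-EncodingsWebCopy` and the sample versions are assumptions made for illustration.

```powershell
# Added example. Fixed patch levels come from the article: 7.0.6 and 7.1.3.
$FixedPatch = @{ '7.0' = 6; '7.1' = 3 }

function Test-PwshPatchLevel {
    param([Parameter(Mandatory)][string]$Version)

    # Accepts "7.1.2" or a four-part Windows PowerShell version; any
    # pre-release suffix after the third number is ignored.
    if ($Version -notmatch '^(\d+)\.(\d+)\.(\d+)') {
        throw "Unrecognized version string: $Version"
    }
    $branch = '{0}.{1}' -f $Matches[1], $Matches[2]
    $patch  = [int]$Matches[3]

    $status = if (-not $FixedPatch.ContainsKey($branch)) {
        'NotCoveredByArticle'   # the article names only the 7.0 and 7.1 branches
    } elseif ($patch -lt $FixedPatch[$branch]) {
        'NeedsUpdate'
    } else {
        'Patched'
    }
    [pscustomobject]@{ Version = $Version; Branch = $branch; Status = $status }
}

function Get-EncodingsWebCopy {
    # Inventory only: the article gives no fixed package version to compare against.
    param([string]$Path = $PSHOME)
    Get-ChildItem -Path $Path -Filter 'System.Text.Encodings.Web.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Path = $_.FullName; FileVersion = $_.VersionInfo.FileVersion }
        }
}

# Constructed sample versions, followed by the host running this script.
'7.0.5', '7.0.6', '7.1.2', '7.1.3', '6.2.7', $PSVersionTable.PSVersion.ToString() |
    ForEach-Object { Test-PwshPatchLevel -Version $_ } |
    Format-Table -AutoSize

Get-EncodingsWebCopy | Format-Table -AutoSize
```

Pass `-Path` to `Get-EncodingsWebCopy` to inventory an application's deployment directory instead of `$PSHOME`.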

While Visual Studio also contains the binaries for .NET, it is not vulnerable to this issue. The update is offered to include the .NET files so that apps built using Visual Studio that include .NET functionality will be protected from this security issue.

Microsoft announced it would be making it easier to update PowerShell on Windows 10 and Windows Server by releasing future updates through the Microsoft Update service.
