Because of how text encoding is performed, there is a remote code execution vulnerability in .NET 5 and .NET Core. Microsoft has released new versions of PowerShell 7.0 and 7.1 to address this .NET Core remote code execution vulnerability. If you manage your Azure resources with PowerShell, you are strongly advised to install the updated versions as soon as possible.
What is this vulnerability in the system?
The vulnerability, identified as CVE-2021-26701, is rated disruptive and may significantly impact Windows, macOS, and Linux. The security flaw has been known for quite some time, but Microsoft is only now urging users to install updates to ensure their safety.
Microsoft released this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1, which were released with PowerShell 7.0 and 7.1. The advisory also includes instructions for developers on how to update their applications to address this vulnerability.
Because there is no way to protect against the vulnerability, users are advised to install the most recent update for their version of the software. PowerShell 7.0 users should update to version 7.0.6, while PowerShell 7.1 users should install version 7.1.3.
This problem does not affect Windows PowerShell 5.1.
Microsoft has issued a warning to PowerShell 7.0 and 7.1 users to update their software to protect themselves against a .NET Core remote code execution vulnerability.
The vulnerability, identified as CVE-2021-26701, was discovered in the System.Text.Encodings.Web package, with implications for .NET 5.0, .NET Core 3.1, and .NET Core 2.1.
To avoid becoming a victim of the vulnerability, Microsoft recommends that users upgrade from PowerShell v7.0 to 7.0.6. Similarly, PowerShell v7.1 users should upgrade to v7.1.3.
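A quick way to triage hosts against the fixed releases named above, as an added example that is not part of the original article or Microsoft's advisory. The function name `Test-PSVersionForCVE202126701` and the sample version strings are assumptions made for illustration.

```powershell
# Added example (hypothetical function name): classify a PowerShell version
# against the fixed releases named in this article (7.0.6 and 7.1.3).
function Test-PSVersionForCVE202126701 {
    param(
        # Defaults to the running shell; pass a string to audit inventory data.
        [string]$Version = $PSVersionTable.PSVersion.ToString()
    )

    # Fixed release per servicing branch, as stated in the article.
    $fixed = @{ '7.0' = [version]'7.0.6'; '7.1' = [version]'7.1.3' }

    # Split off any prerelease/build suffix ("7.1.0-preview.3") before parsing.
    $core = ($Version -split '[-+]')[0]
    $isPrerelease = $Version -match '-'
    $parsed = $null
    if (-not [version]::TryParse($core, [ref]$parsed)) {
        return [pscustomobject]@{ Version = $Version; Status = 'Unparseable'; UpdateTo = $null }
    }

    $branch = '{0}.{1}' -f $parsed.Major, $parsed.Minor
    $target = $null
    if ($parsed.Major -le 5) {
        # The article states Windows PowerShell 5.1 is not affected.
        $status = 'NotAffected'
    }
    elseif ($fixed.ContainsKey($branch)) {
        $target = $fixed[$branch]
        # A prerelease of the fixed version sorts before the fixed release.
        if ($parsed -lt $target -or ($parsed -eq $target -and $isPrerelease)) {
            $status = 'Vulnerable'
        }
        else {
            $status = 'Patched'
            $target = $null
        }
    }
    else {
        # Branches the article does not mention are reported, not guessed.
        $status = 'NotListedInArticle'
    }
    [pscustomobject]@{ Version = $Version; Status = $status; UpdateTo = $target }
}

# Constructed inventory values, for illustration only.
'7.0.3', '7.0.6', '7.1.0-preview.3', '7.1.3', '5.1.19041.1', '7.2.0' |
    ForEach-Object { Test-PSVersionForCVE202126701 -Version $_ } |
    Format-Table -AutoSize
```

Called with no arguments, the function reports on the shell it is running in.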
Aside from PowerShell, Microsoft's initial advisory instructs developers on how to patch this vulnerability in their .NET-powered applications.
According to Microsoft's security advisory, while Visual Studio contains .NET binaries, it is not vulnerable to this issue.
The update includes the .NET files, ensuring that apps built with Visual Studio that include .NET functionality are protected against this vulnerability.
What is this PowerShell we are talking about?
PowerShell is a configuration management model that provides a command-line shell as well as a scripting language for automating tasks. It is powered by .NET, which uses a text encoding package that was recently patched to address an RCE vulnerability. PowerShell is a command-line shell, a framework, and a programming language for processing PowerShell cmdlets, with a focus on automation.
It supports working with structured data such as JSON, CSV, and XML, as well as REST APIs and object models, and it operates on all major platforms including Windows, Linux, and macOS.
Microsoft has also announced that future updates to PowerShell on Windows 10 and Windows Server will be distributed via the Microsoft Update service, so that it can be kept up to date.
Package and update synopsis
| Old version | Updated version |
|---|---|
| 4.0.0 – 4.5.0 | 4.5.1 |
If you're a PowerShell user, it is recommended that you update your software in order to stay protected from bugs such as this one.