Microsoft Urges Azure Customers to Replace PowerShell to Patch RCE Flaw

Microsoft is urging Azure customers to update the PowerShell command-line software as quickly as doable to guard towards a crucial distant code execution vulnerability impacting .NET Core.

The problem, tracked as CVE-2021-26701 (CVSS rating: 8.1), impacts PowerShell variations 7.0 and seven.1 and have been remediated in variations 7.0.6 and seven.1.3, respectively. Home windows PowerShell 5.1 is not impacted by the flaw.

Constructed on the .NET Widespread Language Runtime (CLR), PowerShell is a cross-platform job automation utility that consists of a command-line shell, a scripting language, and a configuration administration framework.

Stack Overflow Teams

“A distant code execution vulnerability exists in .NET 5 and .NET Core attributable to how textual content encoding is carried out,” the corporate noted in an advisory revealed earlier this April, including that the issue resides within the “System.Text.Encodings.Web” bundle, which supplies sorts for encoding and escaping strings to be used in JavaScript, HTML, and URLs.

  • System.Textual content.Encodings.Internet (model 4.0.0 – 4.5.0) – Mounted in model 4.5.1
  • System.Textual content.Encodings.Internet (model 4.6.0 – 4.7.1) – Mounted in model 4.7.2
  • System.Textual content.Encodings.Internet (model 5.0.0) – Mounted in model 5.0.1

CVE-2021-26701 was initially addressed by Microsoft as a part of its Patch Tuesday update for February 2021. On condition that there are not any workarounds that mitigate the vulnerability, it is extremely really helpful to replace to the most recent variations.

Source link