Microsoft is recommending its Azure users to update PowerShell versions 7.0 and 7.1 to protect against a high severity remote code execution vulnerability tracked as CVE-2021-26701.
The IT giant is inviting the PowerShell task automation tool to versions 7.0.6 or 7.1.3 as soon as possible.
“If you manage yoiur Azure resources from PowerShell version 7.0 or 7.1, we’ve released new versions of PowerShell to address a .NET Core remote code execution vulnerability in versions 7.0 and 7.1. We recommend that you install the updated versions as soon as possible.” reads the advisory published by Microsoft. “Windows PowerShell 5.1 isn’t affected by this issue.”
The CVE-2021-26701 flaw was addressed by Microsoft with the release of Patch Tuesday February security updates.
The .NET Core and Visual Studio Remote Code Execution vulnerability “exists in .NET 5 and .NET Core due to how text encoding is performed.“
Experts believe that the exploitation of the flaw is very difficult and for this reason, Microsoft labeled it “Exploitation Less Likely,” which means while exploit code could be created, an attacker would likely have difficulty creating the code, requiring expertise and/or sophisticated timing, and/or varied results when targeting the affected product.
“To best protect against this vulnerability, please install the new PowerShell version as soon as possible to update from:
• Version 7.0 to 7.0.6
• Version 7.1 to 7.1.3” concludes Microsoft.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Azure)
[adrotate banner=”5″]
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.