1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft warns users to update PowerShell 'as soon as possible'

    From TechnologyDaily@1337:1/100 to All on Mon Jul 5 13:45:03 2021
    Microsoft warns users to update PowerShell 'as soon as possible'

    Date:
    Mon, 05 Jul 2021 12:27:08 +0000

    Description:
    A critical vulnerability in a .NET package could be exploited to launch RCE attacks.

    FULL STORY ======================================================================

    Microsoft is urging users to install the updated versions of PowerShell 7 without delay to protect against a remote code execution (RCE) vulnerability in .NET .

    PowerShell is a configuration management framework that provides a command-line shell, and a scripting language for task automation. It is powered by .NET, which uses a text encoding package that has recently been patched against a RCE vulnerability.

    If you manage your Azure resources from PowerShell version 7.0 or 7.1, weve released new versions of PowerShell to address a .NET Core remote code execution vulnerability in versions 7.0 and 7.1. We recommend that you
    install the updated versions as soon as possible, read an update posted on Microsoft Azure s website. Protect your devices with these best antivirus software These are the best ransomware protection tools Here's our choice of the best malware removal software on the market Critical vulnerability

    With a score of 9.8, the .NET vulnerability has been identified as a critical vulnerability and was patched in April.

    The vulnerability, tracked as CVE-2021-26701 was found in the System.Text.Encodings.Web package and impacts .NET 5.0, .NET Core 3.1, and .NET Core 2.1.

    In order to avoid falling prey to the vulnerability, Microsoft is urging
    users to upgrade from PowerShell v7.0 to 7.0.6. Similarly, users of
    PowerShell v7.1 should switch to v7.1.3.

    Beyond PowerShell, Microsoft's initial advisory also provides guidance to developers to remove this vulnerability from their .NET-powered apps.

    "The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability," explained Microsoft. We've put together a list of the best endpoint
    protection software

    Via Bleeping Computer



    ======================================================================
    Link to news story: https://www.techradar.com/news/update-powershell-as-soon-as-possible-microsoft -warns/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)