Security News > 2021 > July > Microsoft Tells Azure Users to Update PowerShell to Patch Vulnerability
Microsoft has told Azure users to update PowerShell - if they are using versions 7.0 or 7.1 - to address a remote code execution vulnerability patched earlier this year.
The tech giant has advised customers who manage their Azure resources using affected versions of the PowerShell task automation solution to update to versions 7.0.6 or 7.1.3.
The updated version should be installed "As soon as possible." Windows PowerShell 5.1 is not impacted.
The vulnerability, tracked as CVE-2021-26701 and rated high severity, was fixed by Microsoft in February with its Patch Tuesday updates.
In its advisory for CVE-2021-26701, Microsoft says the flaw has been publicly disclosed but assigned it an exploitability rating of "Exploitation less likely," which indicates that "While exploit code could be created, an attacker would likely have difficulty creating the code, requiring expertise and/or sophisticated timing, and/or varied results when targeting the affected product."
Eduard Kovacs is a contributing editor at SecurityWeek.
News URL
Related news
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Microsoft warns Azure Virtual Desktop users of black screen issues (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-25 | CVE-2021-26701 | .NET Core Remote Code Execution Vulnerability | 0.0 |