Microsoft Tells Azure Users to Update PowerShell to Patch Vulnerability

2021-07-02 15:24

Microsoft has told Azure users to update PowerShell - if they are using versions 7.0 or 7.1 - to address a remote code execution vulnerability patched earlier this year.

The tech giant has advised customers who manage their Azure resources using affected versions of the PowerShell task automation solution to update to versions 7.0.6 or 7.1.3.

The updated version should be installed "As soon as possible." Windows PowerShell 5.1 is not impacted.

The vulnerability, tracked as CVE-2021-26701 and rated high severity, was fixed by Microsoft in February with its Patch Tuesday updates.

In its advisory for CVE-2021-26701, Microsoft says the flaw has been publicly disclosed but assigned it an exploitability rating of "Exploitation less likely," which indicates that "While exploit code could be created, an attacker would likely have difficulty creating the code, requiring expertise and/or sophisticated timing, and/or varied results when targeting the affected product."

Eduard Kovacs is a contributing editor at SecurityWeek.

News URL

http://feedproxy.google.com/~r/securityweek/~3/BQB3NSZ5lQM/microsoft-tells-azure-users-update-powershell-patch-vulnerability

#azure #microsoft #patch #powershell #vulnerability #CVE-2021-26701

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-25	CVE-2021-26701	.NET Core Remote Code Execution Vulnerability microsoft fedoraproject	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		381	52	1423	2925	176	4576

News URL

Related news

Related Vulnerability

Related vendor