Security News > 2021 > July > Microsoft Tells Azure Users to Update PowerShell to Patch Vulnerability

Microsoft Tells Azure Users to Update PowerShell to Patch Vulnerability
2021-07-02 15:24

Microsoft has told Azure users to update PowerShell - if they are using versions 7.0 or 7.1 - to address a remote code execution vulnerability patched earlier this year.

The tech giant has advised customers who manage their Azure resources using affected versions of the PowerShell task automation solution to update to versions 7.0.6 or 7.1.3.

The updated version should be installed "As soon as possible." Windows PowerShell 5.1 is not impacted.

The vulnerability, tracked as CVE-2021-26701 and rated high severity, was fixed by Microsoft in February with its Patch Tuesday updates.

In its advisory for CVE-2021-26701, Microsoft says the flaw has been publicly disclosed but assigned it an exploitability rating of "Exploitation less likely," which indicates that "While exploit code could be created, an attacker would likely have difficulty creating the code, requiring expertise and/or sophisticated timing, and/or varied results when targeting the affected product."

Eduard Kovacs is a contributing editor at SecurityWeek.


News URL

http://feedproxy.google.com/~r/securityweek/~3/BQB3NSZ5lQM/microsoft-tells-azure-users-update-powershell-patch-vulnerability

Related Vulnerability

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399