Security News > 2021 > July > Microsoft Tells Azure Users to Update PowerShell to Patch Vulnerability
Microsoft has told Azure users to update PowerShell - if they are using versions 7.0 or 7.1 - to address a remote code execution vulnerability patched earlier this year.
The tech giant has advised customers who manage their Azure resources using affected versions of the PowerShell task automation solution to update to versions 7.0.6 or 7.1.3.
The updated version should be installed "As soon as possible." Windows PowerShell 5.1 is not impacted.
The vulnerability, tracked as CVE-2021-26701 and rated high severity, was fixed by Microsoft in February with its Patch Tuesday updates.
In its advisory for CVE-2021-26701, Microsoft says the flaw has been publicly disclosed but assigned it an exploitability rating of "Exploitation less likely," which indicates that "While exploit code could be created, an attacker would likely have difficulty creating the code, requiring expertise and/or sophisticated timing, and/or varied results when targeting the affected product."
Eduard Kovacs is a contributing editor at SecurityWeek.
News URL
Related news
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (source)
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (source)
- May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) (source)
- It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure (source)
- Microsoft to start enforcing Azure multi-factor authentication in July (source)
- The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-25 | CVE-2021-26701 | .NET Core Remote Code Execution Vulnerability | 8.1 |