Security News > 2021 > July > Microsoft warns of critical PowerShell 7 code execution vulnerability
NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in.
PowerShell provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.
Microsoft's initial advisory also provides developers with guidance on updating their apps to remove this vulnerability.
"The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability," Microsoft explained in April when the security flaw was patched.
"If you have questions, ask them in GitHub, where the Microsoft development team and the community of experts are closely monitoring for new issues and will provide answers as soon as possible," Microsoft added.
Microsoft has also recently announced that it would be making it easier to update PowerShell on Windows 10 and Windows Server by releasing future updates through the Microsoft Update service.
News URL
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)
- Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (source)