Security News > 2021 > July > Microsoft warns of critical PowerShell 7 code execution vulnerability
NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in.
PowerShell provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.
Microsoft's initial advisory also provides developers with guidance on updating their apps to remove this vulnerability.
"The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability," Microsoft explained in April when the security flaw was patched.
"If you have questions, ask them in GitHub, where the Microsoft development team and the community of experts are closely monitoring for new issues and will provide answers as soon as possible," Microsoft added.
Microsoft has also recently announced that it would be making it easier to update PowerShell on Windows 10 and Windows Server by releasing future updates through the Microsoft Update service.
News URL
Related news
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability (source)
- Critical flaws in Mongoose library expose MongoDB to data thieves, code execution (source)