Security News > 2021 > July > Microsoft warns of critical PowerShell 7 code execution vulnerability
NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in.
PowerShell provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.
Microsoft's initial advisory also provides developers with guidance on updating their apps to remove this vulnerability.
"The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability," Microsoft explained in April when the security flaw was patched.
"If you have questions, ask them in GitHub, where the Microsoft development team and the community of experts are closely monitoring for new issues and will provide answers as soon as possible," Microsoft added.
Microsoft has also recently announced that it would be making it easier to update PowerShell on Windows 10 and Windows Server by releasing future updates through the Microsoft Update service.
News URL
Related news
- Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
- PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) (source)
- Patch up – 4 critical bugs in ArubaOS lead to remote code execution (source)
- Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution (source)
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (source)