Security News > 2021 > October > Microsoft asks admins to patch PowerShell to fix WDAC bypass

Microsoft asks admins to patch PowerShell to fix WDAC bypass
2021-10-18 13:30

Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control enforcements and gain access to plain text credentials.

PowerShell is a cross-platform solution that provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.

Redmond released PowerShell 7.0.8 and PowerShell 7.1.5 to address these security flaws in the PowerShell 7 and PowerShell 7.1 branches in September and October.

"To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code," Microsoft explains.

The CVE-2020-0951 vulnerability affects both PowerShell 7 and PowerShell 7.1 versions, while CVE-2021-41355 only impacts users of PowerShell 7.1.

Microsoft recently announced that it would be making it easier to update PowerShell for Windows 10 and Windows Server customers by releasing future updates via the Microsoft Update service.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-10-13 CVE-2021-41355 Unspecified vulnerability in Microsoft .Net and Visual Studio 2019
.NET Core and Visual Studio Information Disclosure Vulnerability 		0.0
0.0
2020-09-11 CVE-2020-0951 Unspecified vulnerability in Microsoft products
<p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. 		0.0
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 373 51 1390 2826 168 4435