Microsoft warns users to update PowerShell ‘as soon as possible’

The RCE vulnerability has now been patched

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsoftisurging usersto install the updated versions of PowerShell 7 without delay to protect against a remote code execution (RCE) vulnerability in.NET.

PowerShell is a configuration management framework that provides a command-line shell, and a scripting language for task automation. It is powered by .NET, which uses a text encoding package that hasrecently been patchedagainst a RCE vulnerability.

“If you manage your Azure resources from PowerShell version 7.0 or 7.1, we’ve released new versions of PowerShell to address a.NET Core remote code execution vulnerabilityin versions 7.0 and 7.1. We recommend that you install the updated versions as soon as possible,” read an update posted onMicrosoft Azure’s website.

Critical vulnerability

Critical vulnerability

With a score of 9.8, the .NET vulnerability has been identified as a critical vulnerability and was patched in April.

The vulnerability, tracked as CVE-2021-26701 was found in the System.Text.Encodings.Web package and impacts .NET 5.0, .NET Core 3.1, and .NET Core 2.1.

In order to avoid falling prey to the vulnerability, Microsoft is urging users to upgrade from PowerShell v7.0 to 7.0.6. Similarly, users of PowerShell v7.1 should switch to v7.1.3.

Beyond PowerShell, Microsoft’s initial advisory also provides guidance to developers to remove this vulnerability from their .NET-powered apps.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability,” explained Microsoft.

ViaBleeping Computer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)