Microsoft found a critical RCE PowerShell vulnerability that could allow an attacker to launch a remote code execution vulnerability. Microsoft recommends Azure users to upgrade PowerShell to protect against the RCE vulnerability.
Table of Contents
What Is PowerShell?
“PowerShell is a cross-platform task automation utility made up of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on most of the Windows, Linux, and macOS platforms.” Click here to read more about PowerShell.
PowerShell Vulnerability Affected Versions:
The issue lice with CVE-2021-26701. PowerShell v 7.0 & v7.1 were affected by this vulnerability, and it has been fixed in v 7.0.6 and 7.1.3, respectively. Microsoft says that Windows PowerShell v5.1 is considered safe from vulnerability.
Vulnerable Package Versions:
|Package Name||Vulnerable Versions||Secure Versions|
|System.Text.Encodings.Web||4.0.0 – 4.5.0||4.5.1|
How To Check The PowerShell Version?
There are different ways to see the version of the PowerShell. However, we have shared three simple commands to check the PowerShell version.
- >Get-Host | Select-Object Version
How To Fix The Critical RCE PowerShell Vulnerability?
The best way to fix this Critical RCE PowerShell Vulnerability is to Upgrade PowerShell to the latest version.
• Version 7.0 to 7.0.6
• Version 7.1 to 7.1.3
PowerShell is a multi-platform utility. Here you can see the procedure to install/upgrade PowerShell on a different platform.
- Installing PowerShell on Windows
- Installing PowerShell on Linux
- Installing PowerShell on macOS
- Installing PowerShell on ARM
Thanks for reading this post. Would you mind sharing this with Azure users and making them aware of this critical RCE PowerShell vulnerability?