Table of Contents
A Critical RCE PowerShell Vulnerability – Upgrade PowerShell At The Earliest
Microsoft found a critical RCE PowerShell vulnerability that could allow an attacker to launch a remote code execution vulnerability. Microsoft recommends Azure users to upgrade PowerShell to protect against the RCE vulnerability.
What Is PowerShell?
“PowerShell is a cross-platform task automation utility made up of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on most of the Windows, Linux, and macOS platforms.” Click here to read more about PowerShell.
PowerShell Vulnerability Affected Versions:
The issue lice with CVE-2021-26701. PowerShell v 7.0 & v7.1 were affected by this vulnerability, and it has been fixed in v 7.0.6 and 7.1.3, respectively. Microsoft says that Windows PowerShell v5.1 is considered safe from vulnerability.
The actual RCE PowerShell vulnerability is residing in the “System.Text.Encodings.Web” package. A web encoder package used for HTML, JavaScript, and Url character encoding.
Vulnerable Package Versions:
Package Name | Vulnerable Versions | Secure Versions |
---|---|---|
System.Text.Encodings.Web | 4.0.0 – 4.5.0 | 4.5.1 |
System.Text.Encodings.Web | 4.6.0-4.7.1 | 4.7.2 |
System.Text.Encodings.Web | 5.0.0 | 5.0.1 |
Table #1: PowerShell vulnerability affected version
How To Check The PowerShell Version?
There are different ways to see the version of the PowerShell. However, we have shared three simple commands to check the PowerShell version.
>$PSVersionTable
>get-host
>Get-Host | Select-Object Version
How To Fix The Critical RCE PowerShell Vulnerability?
The best way to fix this Critical RCE PowerShell Vulnerability is to Upgrade PowerShell to the latest version.
• Version 7.0 to 7.0.6
• Version 7.1 to 7.1.3
PowerShell is a multi-platform utility. Here you can see the procedure to install/upgrade PowerShell on a different platform.
Thanks for reading this post. Would you mind sharing this with Azure users and making them aware of this critical RCE PowerShell vulnerability?
You may also like these articles:
What Is Remote Code Execution? How To Prevent Remote Code Execution?
How To Fix CVE-2022-26809- A Critical RCE Vulnerability In Windows RPC Runtime
How To Fix CVE-2022-22718- A Privilege Escalation Vulnerability In Windows Print Spooler
How To Mitigate The Print Spooler Vulnerability – PringNightmare CVE-2021-34527
How To Fix CVE-2021-34481 Another Windows Print Spooler Remote Code Execution Vulnerability?
Arun KL
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.