About The Recent PowerShell Remote Code Execution Vulnerability And How To Stay Secure

Microsoft has released new versions of PowerShell 7.0 and 7.1 to address a remote code execution (RCE) vulnerability in .NET 5 and .NET Core. This vulnerability has been rated as critical and should be looked at closely.

PowerShell is a cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on Windows, Linux, and macOS.

Microsoft

Remote code execution is one of the most dangerous types of software attacks. It allows the attacker to run code with system-level privileges on a remote server, either on the local network or over the internet. The most common method of attack is dynamic code execution, where code is generated and executed in order to take over a system and access:

  • The server and local network
  • Sensitive data
  • Applications
  • User security level configuration

The particular vulnerability identified by Microsoft has to do with the way that text encoding is performed under the hood in certain versions of .NET Core and .NET 5.

How to Protect Yourself

If you are using a vulnerable version of PowerShell to manage your infrastructure or administer your Azure environments, you should install the new version as soon as possible.

Vulnerable Versions | Secure Versions
7.0 | 7.0.6 or later
7.1 | 7.1.3 or later

The update went generally available on July 1, 2021.

Additionally, if you are running .NET applications that use the System.Text.Encodings.Web package, you should use the chart below to determine if you need to upgrade to keep your application safe.

Vulnerable Versions | Secure Versions
4.0.0 to 4.5.0 | 4.5.1 or later
4.6.0 to 4.7.1 | 4.7.2 or later
5.0.0 | 5.0.1 or later

The relevant patch was put in place in April, 2021.
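
Both version tables above can be checked mechanically. The PowerShell below is an added example, not code from Microsoft or from this post; the function names are hypothetical, and it assumes .NET build output containing *.deps.json files whose "libraries" section is keyed as "Name/Version".

```powershell
# Added example. Version data comes from the two tables above.
$PowerShellFixed = @{ '7.0' = [version]'7.0.6'; '7.1' = [version]'7.1.3' }
$PackageRanges = @(
    @{ Min = [version]'4.0.0'; Max = [version]'4.5.0'; Fixed = '4.5.1' },
    @{ Min = [version]'4.6.0'; Max = [version]'4.7.1'; Fixed = '4.7.2' },
    @{ Min = [version]'5.0.0'; Max = [version]'5.0.0'; Fixed = '5.0.1' }
)

function ConvertTo-CoreVersion([string]$Text) {
    # Keep major.minor.patch only; any pre-release suffix is ignored.
    if ($Text -match '^(\d+)\.(\d+)\.(\d+)') { [version]$Matches[0] }
}

function Get-PowerShellStatus {
    param([string]$Version = "$($PSVersionTable.PSVersion)")
    $v = ConvertTo-CoreVersion $Version
    if (-not $v) { return 'Unparsed' }
    $fixed = $PowerShellFixed["$($v.Major).$($v.Minor)"]
    if (-not $fixed) { return 'NotListed' }      # e.g. Windows PowerShell 5.1
    if ($v -lt $fixed) { "Vulnerable (install $fixed or later)" } else { 'Patched' }
}

function Get-PackageStatus([string]$Version) {
    $v = ConvertTo-CoreVersion $Version
    if (-not $v) { return 'Unparsed' }
    foreach ($r in $PackageRanges) {
        if ($v -ge $r.Min -and $v -le $r.Max) { return "Vulnerable (upgrade to $($r.Fixed) or later)" }
    }
    'NotInVulnerableRange'
}

function Find-EncodingsWebPackage([string]$Path = '.') {
    # Assumption: build output contains *.deps.json with "libraries" keyed as "Name/Version".
    Get-ChildItem -Path $Path -Recurse -Filter '*.deps.json' -File | ForEach-Object {
        $file = $_.FullName
        $deps = Get-Content -Raw -LiteralPath $file | ConvertFrom-Json
        foreach ($lib in $deps.libraries.PSObject.Properties.Name) {
            if ($lib -match '^System\.Text\.Encodings\.Web/(.+)$') {
                $found = $Matches[1]
                [pscustomobject]@{ File = $file; Version = $found; Status = Get-PackageStatus $found }
            }
        }
    }
}

"PowerShell $($PSVersionTable.PSVersion): $(Get-PowerShellStatus)"
Find-EncodingsWebPackage -Path . | Format-Table -AutoSize
```

Run it from the root of a build or deployment directory. An empty result only means no *.deps.json file under that path records the package.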

For more information, see this Microsoft update on PowerShell and the security advisory on GitHub from back in April for the impacted package.
