New versions of PowerShell 7.0 and 7.1 have been released by Microsoft to address a remote code execution (RCE) vulnerability in .Net 5 and .Net Core. This vulnerability has been rated as critical and should be looked at closely.

PowerShell is a cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on Windows, Linux, and macOS.

Microsoft

Remote code execution is one of the most dangerous types of software attacks. It allows the attacker to run code with system level privileges on a remote server on the local network or over the internet. The most common method of attack is dynamic code execution. This is where code is generated and executed in order to take over a system and access:

• The server and local network
• Sensitive data
• Applications
• User security level configuration

The particular vulnerability identified my Microsoft has to do with the way that text encoding is performed under the hood with certain versions of .Net Core and .Net 5.

How to Protect Yourself

If you are using a vulnerable version of PowerShell to manage your infrastructure or administer your Azure environments you should install the new version as soon as possible.

Vulnerable Versions	Secure Versions
7.0	7.0.6 or later
7.1	7.1.3 or later

Additionally, if you are running .Net applications that use the System.Text.Encodings.Web package, you should use the chart below to determine if you need to upgrade to keep your application safe.

Vulnerable Versions	Secure Versions
4.0.0 to 4.5.0	4.5.1 or later
4.6.0 to 4.7.1	4.7.2 or later
5.0.0	5.0.1 or later

For more information, see this Microsoft update on PowerShell and the security Advisory on GitHub from back in April for the impacted package.