Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw

Microsoft is urging Azure customers to update the PowerShell command-line software as quickly as achievable to defend in opposition to a vital remote code execution vulnerability impacting .Web Core.

The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), has an effect on PowerShell versions 7. and 7.1 and have been remediated in variations 7..6 and 7.1.3, respectively. Windows PowerShell 5.1 just isn’t impacted by the flaw.

Built on the .Internet Widespread Language Runtime (CLR), PowerShell is a cross-platform job automation utility that is made up of a command-line shell, a scripting language, and a configuration administration framework.

Stack Overflow Teams

“A distant code execution vulnerability exists in .Internet 5 and .Net Core due to how textual content encoding is done,” the organization famous in an advisory published before this April, adding that the challenge resides in the “Method.Text.Encodings.World wide web” package deal, which gives styles for encoding and escaping strings for use in JavaScript, HTML, and URLs.

  • Method.Text.Encodings.World wide web (edition 4.. – 4.5.) – Fixed in model 4.5.1
  • System.Textual content.Encodings.Website (edition 4.6. – 4.7.1) – Preset in model 4.7.2
  • Method.Text.Encodings.World wide web (model 5..) – Fastened in edition 5..1

CVE-2021-26701 was initially addressed by Microsoft as section of its Patch Tuesday update for February 2021. Provided that there are no workarounds that mitigate the vulnerability, it is really extremely recommended to update to the newest versions.

Fibo Quantum