Microsoft is urging Azure customers to update the PowerShell command-line software as quickly as achievable to defend in opposition to a vital remote code execution vulnerability impacting .Web Core.
The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), has an effect on PowerShell versions 7. and 7.1 and have been remediated in variations 7..6 and 7.1.3, respectively. Windows PowerShell 5.1 just isn’t impacted by the flaw.
Built on the .Internet Widespread Language Runtime (CLR), PowerShell is a cross-platform job automation utility that is made up of a command-line shell, a scripting language, and a configuration administration framework.
- Method.Text.Encodings.World wide web (edition 4.. – 4.5.) – Fixed in model 4.5.1
- System.Textual content.Encodings.Website (edition 4.6. – 4.7.1) – Preset in model 4.7.2
- Method.Text.Encodings.World wide web (model 5..) – Fastened in edition 5..1
CVE-2021-26701 was initially addressed by Microsoft as section of its Patch Tuesday update for February 2021. Provided that there are no workarounds that mitigate the vulnerability, it is really extremely recommended to update to the newest versions.