Microsoft is urging Azure buyers to update the PowerShell command-line instrument as before long as feasible to defend from a critical distant code execution vulnerability impacting .NET Main.
The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), influences PowerShell variations 7. and 7.1 and have been remediated in versions 7..6 and 7.1.3, respectively. Windows PowerShell 5.1 isn’t really impacted by the flaw.
Built on the .NET Frequent Language Runtime (CLR), PowerShell is a cross-system undertaking automation utility that consists of a command-line shell, a scripting language, and a configuration administration framework.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“A distant code execution vulnerability exists in .NET 5 and .NET Main thanks to how text encoding is executed,” the company pointed out in an advisory printed previously this April, introducing that the difficulty resides in the “System.Text.Encodings.Web” package deal, which delivers forms for encoding and escaping strings for use in JavaScript, HTML, and URLs.
- Method.Textual content.Encodings.Web (variation 4.. – 4.5.) – Fastened in model 4.5.1
- Program.Text.Encodings.Web (version 4.6. – 4.7.1) – Fastened in model 4.7.2
- System.Textual content.Encodings.Web (version 5..) – Preset in variation 5..1
CVE-2021-26701 was originally resolved by Microsoft as element of its Patch Tuesday update for February 2021. Given that there are no workarounds that mitigate the vulnerability, it is really very encouraged to update to the hottest variations.
Uncovered this short article exciting? Follow THN on Facebook, Twitter and LinkedIn to go through additional special articles we put up.
Some components of this write-up are sourced from:
thehackernews.com