Microsoft Alerts of Critical PowerShell 7 Code Execution Vulnerability

 

Microsoft is alerting customers to upgrade their installations of PowerShell 7 as soon as possible to protect themselves against a .NET remote code execution (RCE) vulnerability.

PowerShell is a configuration management system that features a command-line shell as well as a task automation scripting language. It works with structured data such as JSON, CSV, and XML, as well as REST APIs and object models, and it operates on all major platforms, including Windows, Linux, and macOS. PowerShell runs on .NET, which makes use of a text encoding package that was recently fixed against an RCE flaw.

The .NET vulnerability was recognized as a major vulnerability with a score of 9.8 and was patched in April. According to Microsoft, there are no mitigation steps available to prevent the exploitation of the security issue identified as CVE-2021-26701. Customers are encouraged to update to PowerShell 7.0.6 and 7.1.3 as soon as possible in order to safeguard their systems from potential threats.

In addition, Microsoft's initial advisory instructs developers on how to update their programs to eliminate the risk. Microsoft explained in April when the security flaw was patched, "The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability."

Any .NET 5, .NET Core, or .NET Framework based application that uses a System.Text.Encodings.Web package version indicated below is vulnerable to attacks:

1. System.Text.Encodings.Web: Vulnerable Versions 4.0.0 - 4.5.0; Secure Version 4.5.1
2. System.Text.Encodings.Web: Vulnerable Versions 4.6.0 - 4.7.1; Secure Version 4.7.2
3. System.Text.Encodings.Web: Vulnerable Versions 5.0.0; Secure Version 5.0.1

According to Microsoft's security alert, Visual Studio contains the binaries for .NET but is not vulnerable to this flaw. Th ..
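The version ranges listed above can be checked against a project file automatically. The following is an added example, not code from Microsoft or from the article: it scans a .csproj for direct references to System.Text.Encodings.Web and reports the fixed version to move to. The function names and the sample project are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "System.Text.Encodings.Web"
# (first vulnerable, last vulnerable, fixed version), as listed in the article.
RANGES = [((4, 0, 0), (4, 5, 0), "4.5.1"),
          ((4, 6, 0), (4, 7, 1), "4.7.2"),
          ((5, 0, 0), (5, 0, 0), "5.0.1")]

def classify(version_text):
    """Return ('vulnerable', fix), ('ok', None) or ('review', None)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", (version_text or "").strip())
    if not m:  # floating (4.*), range ([4.7.0,)), prerelease or missing version
        return ("review", None)
    v = tuple(int(g) for g in m.groups())
    for low, high, fixed in RANGES:
        if low <= v <= high:
            return ("vulnerable", fixed)
    return ("ok", None)

def local(tag):
    """Strip the XML namespace that legacy project files carry."""
    return tag.rsplit("}", 1)[-1]

def scan_csproj(xml_text):
    """Return [(version, status, fix)] for each direct reference to PACKAGE."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "PackageReference":
            continue
        # NuGet package IDs are case-insensitive.
        if (el.get("Include") or "").lower() != PACKAGE.lower():
            continue
        version = el.get("Version")
        if version is None:  # <Version> may be a child element instead
            version = next((c.text for c in el if local(c.tag) == "Version"), None)
        findings.append((version, *classify(version)))
    return findings

# Constructed sample project file, not taken from the article.
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="System.Text.Encodings.Web" Version="4.7.1" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for version, status, fix in scan_csproj(SAMPLE):
        print(f"{PACKAGE} {version}: {status}" + (f", upgrade to {fix}" if fix else ""))
```

This only sees direct references; the package is frequently pulled in as a transitive dependency, which `dotnet list package --include-transitive` will surface.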
