PowerShell Version 7 Vulnerability: Dataprise Defense Digest
Executive Summary
On July 2nd, Microsoft issued a warning about a critical .NET Core remote code execution vulnerability in PowerShell version 7. The vulnerability is caused by the way text encoding is performed in .NET 5 and .NET Core. PowerShell is a scripting tool in all major versions of Windows, and it also works on Linux and macOS. Microsoft urges everyone to update to the latest version of PowerShell as soon as possible.
Detailed Analysis
In this vulnerability, the package that can be exploited is “System.Text.Encodings.Web”. The vulnerable versions of .NET are 4.0, 4.5, 4.6, 4.7, and 5.0. The secure versions are 4.5.1, 4.7.2, and 5.0.1. PowerShell versions 7.0.6 and 7.1.3 need to be updated to the latest versions. Although Visual Studio ships .NET binaries, it is not affected by this issue. To find out whether they are affected, users need to check their version by running `dotnet --info`.
Indicators Of Compromise
There are no current indicators of compromise, but this vulnerability can be taken advantage of by malware to run malicious scripts via PowerShell.
Mitigation Steps
- Check the installed versions of PowerShell and the .NET SDK.
- Update .NET SDK packages to the secure versions indicated on Microsoft’s GitHub.
- Update PowerShell Core to the latest version.
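The first mitigation step as an added PowerShell example (not code from Microsoft or from the original post): it goes beyond `dotnet --info` by scanning the `*.deps.json` files of deployed applications for System.Text.Encodings.Web and flagging versions that need updating. It assumes the version numbers listed above are package-version ranges; the function names and the sample files are hypothetical.

```powershell
# Added example. Assumption: the version lists above are read as package-version
# ranges for System.Text.Encodings.Web (4.0-4.5 -> 4.5.1, 4.6-4.7 -> 4.7.2, 5.0 -> 5.0.1).
$Package = 'System.Text.Encodings.Web'
$Ranges = @(
    @{ Min = [version]'4.0.0'; Fixed = [version]'4.5.1' },
    @{ Min = [version]'4.6.0'; Fixed = [version]'4.7.2' },
    @{ Min = [version]'5.0.0'; Fixed = [version]'5.0.1' }
)

function Test-EncodingsWebVersion {
    param([Parameter(Mandatory)][string]$Version)
    $v = [version](($Version -split '[-+]')[0])   # drop any prerelease/build suffix
    foreach ($r in $Ranges) {
        if ($v -ge $r.Min -and $v -lt $r.Fixed) {
            return [pscustomobject]@{ Version = $Version; Vulnerable = $true; UpdateTo = "$($r.Fixed)" }
        }
    }
    [pscustomobject]@{ Version = $Version; Vulnerable = $false; UpdateTo = $null }
}

function Get-EncodingsWebFinding {
    param([string]$Path = '.')
    # *.deps.json lists every package an app was built against as "Name/Version" keys.
    Get-ChildItem -Path $Path -Recurse -File -Filter '*.deps.json' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            $deps = Get-Content -Raw -LiteralPath $file | ConvertFrom-Json
            if (-not $deps.libraries) { return }   # skip files without a libraries section
            $deps.libraries.PSObject.Properties.Name |
                Where-Object { $_ -like "$Package/*" } |
                ForEach-Object {
                    $found = ($_ -split '/')[1]
                    Test-EncodingsWebVersion -Version $found |
                        Add-Member -NotePropertyName File -NotePropertyValue $file -PassThru
                }
        }
}

# Constructed sample input: two minimal deps.json files in a temp directory.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'stew-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
'{"libraries":{"System.Text.Encodings.Web/4.7.1":{"type":"package"}}}' |
    Set-Content -LiteralPath (Join-Path $demo 'old.deps.json')
'{"libraries":{"System.Text.Encodings.Web/5.0.1":{"type":"package"}}}' |
    Set-Content -LiteralPath (Join-Path $demo 'patched.deps.json')

"PowerShell $($PSVersionTable.PSVersion)"
Get-EncodingsWebFinding -Path $demo | Format-Table Vulnerable, Version, UpdateTo, File
```

To audit a real host, pass `-Path` a directory that holds published .NET applications, for example `$PSHOME` for the PowerShell installation itself.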
Sources
- https://www.bleepingcomputer.com/news/security/microsoft-warns-of-critical-powershell-7-code-execution-vulnerability/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701
- https://github.com/dotnet/runtime/issues/49377
Contributing Authors
- Stephen Jones, Senior Director Cybersecurity
- Susan Verdin, Cybersecurity Analyst