PowerShell Version 7 Vulnerability: Dataprise Defense Digest


By: Dataprise

Executive Summary

On July 2nd, Microsoft issued a warning about a critical .NET Core remote code execution vulnerability in PowerShell version 7. The vulnerability is caused by the way text encoding is performed in .NET 5 and .NET Core. PowerShell is a scripting tool in all major versions of Windows, and it also works on Linux and macOS. Microsoft urges everyone to update to the latest version of PowerShell as soon as possible.

Detailed Analysis

The package that can be exploited in this vulnerability is “System.Text.Encodings.Web”. The vulnerable versions of .NET are 4.0, 4.5, 4.6, 4.7, and 5.0. The secure versions are 4.5.1, 4.7.2, and 5.0.1. PowerShell versions 7.0.6 and 7.1.3 need to be updated to the latest versions. Although Visual Studio includes .NET binaries, it is not affected by this issue. To find out whether they are affected, users need to check their version by running “dotnet --info”.

Indicators Of Compromise

There are currently no indicators of compromise, but malware can take advantage of this vulnerability to run malicious scripts via PowerShell.

Mitigation Steps

  • Check the versions of PowerShell and the .NET SDK.
  • Update .NET SDK packages to the secure versions indicated on Microsoft’s GitHub.
  • Update PowerShell Core to the latest version.
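
One way to carry out the version check from the steps above, as an added example that is not code from Dataprise or Microsoft. It assumes the version lists in the Detailed Analysis refer to the System.Text.Encodings.Web package as recorded in `*.deps.json` files, and that each vulnerable release line pairs with the nearest secure version listed; the function names and the sample file are constructed for illustration.

```powershell
# Added example. Assumption: each vulnerable release line maps to the secure
# version listed on the page (4.0-4.5 -> 4.5.1, 4.6-4.7 -> 4.7.2, 5.0 -> 5.0.1).
function Get-FixedVersion {
    param([Parameter(Mandatory)][version]$Version)
    if ($Version.Major -eq 4 -and $Version.Minor -le 5) { return [version]'4.5.1' }
    if ($Version.Major -eq 4 -and $Version.Minor -le 7) { return [version]'4.7.2' }
    if ($Version.Major -eq 5 -and $Version.Minor -eq 0) { return [version]'5.0.1' }
    return $null  # release line not covered by the page's lists
}

# Scan *.deps.json files for "System.Text.Encodings.Web/<version>" entries.
function Find-EncodingsWebReference {
    param([Parameter(Mandatory)][string[]]$Path)
    $pattern = '"System\.Text\.Encodings\.Web/(\d+\.\d+\.\d+)'
    Get-ChildItem -Path $Path -Recurse -Filter '*.deps.json' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            Select-String -LiteralPath $file -Pattern $pattern -AllMatches |
                ForEach-Object { $_.Matches } |
                ForEach-Object { $_.Groups[1].Value } |
                Sort-Object -Unique |
                ForEach-Object {
                    $found = [version]$_
                    $fixed = Get-FixedVersion -Version $found
                    [pscustomobject]@{
                        File        = $file
                        Version     = $found
                        SecureAt    = $fixed
                        NeedsUpdate = ($null -ne $fixed -and $found -lt $fixed)
                    }
                }
        }
}

# Constructed sample so the scan shows a hit even on a fully updated machine.
$sampleDir = Join-Path ([IO.Path]::GetTempPath()) 'encweb-sample'
New-Item -ItemType Directory -Path $sampleDir -Force | Out-Null
'{ "libraries": { "System.Text.Encodings.Web/4.7.1": { "type": "package" } } }' |
    Set-Content -LiteralPath (Join-Path $sampleDir 'sample.deps.json')

# Report the PowerShell version, the dotnet CLI details, and any package hits.
"PowerShell version: $($PSVersionTable.PSVersion)"
if (Get-Command dotnet -ErrorAction SilentlyContinue) { dotnet --info }
Find-EncodingsWebReference -Path $PSHOME, $sampleDir | Format-Table -AutoSize
```

Add application folders to `-Path` to cover deployed .NET apps; a row with `NeedsUpdate` set to `True` references a package version below the secure version for its release line.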

Contributing Authors

  • Stephen Jones, Senior Director Cybersecurity
  • Susan Verdin, Cybersecurity Analyst
