Posted on Leave a comment

Critical Remote Code Execution Vulnerability in Dotnet Core for PowerShell.

Microsoft has urged the Azure users to update the patches for remote code execution vulnerability on dotnet core in Powershell 7 due to text encoding operation processed in .Net 5 and .Net Core.

Microsoft has said that there are no mitigations available to block the exploitation of this vulnerability tracked under the CVE-2021-26701.

“The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability,” stated by Microsoft in April.

.NET 5, .NET Core, or .NET Framework-based app using a System.Text.Encodings are exposed for this attack.

Script to stop your screen going blank or PC going to sleep - Cloudrun

Package NameVulnerable VersionsSecure Versions
System.Text.Encodings.Web4.0.0 – 4.5.04.5.1
System.Text.Encodings.Web4.6.0-4.7.14.7.2
System.Text.Encodings.Web5.0.05.0.1
Source : BleepingComputers

Actions suggested by Microsoft:

To best protect against this vulnerability, please install the new PowerShell version as soon as possible to update from:
•    Version 7.0 to 7.0.6 
•    Version 7.1 to 7.1.3

“If you have questions, ask them in GitHub, where the Microsoft development team and the community of experts are closely monitoring for new issues and will provide answers as soon as possible.” mentioned by Microsoft in its official page.

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1

Leave a Reply