Microsoft has urged the Azure users to update the patches for remote code execution vulnerability on dotnet core in Powershell 7 due to text encoding operation processed in .Net 5 and .Net Core.

Microsoft has said that there are no mitigations available to block the exploitation of this vulnerability tracked under the CVE-2021-26701.

“The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability,” stated by Microsoft in April.

.NET 5, .NET Core, or .NET Framework-based app using a System.Text.Encodings are exposed for this attack.

Script to stop your screen going blank or PC going to sleep - Cloudrun

Package NameVulnerable VersionsSecure Versions
System.Text.Encodings.Web4.0.0 – 4.5.04.5.1
System.Text.Encodings.Web4.6.0-4.7.14.7.2
System.Text.Encodings.Web5.0.05.0.1
Source : BleepingComputers

Actions suggested by Microsoft:

To best protect against this vulnerability, please install the new PowerShell version as soon as possible to update from:
•    Version 7.0 to 7.0.6 
•    Version 7.1 to 7.1.3

“If you have questions, ask them in GitHub, where the Microsoft development team and the community of experts are closely monitoring for new issues and will provide answers as soon as possible.” mentioned by Microsoft in its official page.

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1

Published by oxytivetech

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s