Microsoft is urging users to patch, as soon as possible, a dangerous .NET Core remote code execution vulnerability affecting PowerShell.
PowerShell is a task automation and configuration management framework, consisting of a command-line shell and the associated scripting language.
The flaw, tracked as CVE-2021-26701, is an input validation error that stems from insufficient validation of user-supplied input in .NET Core. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
“The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability,” Microsoft said in its April advisory.
The vulnerability affects PowerShell versions 7.0 and 7.1 and has been fixed in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 is not impacted.
Customers are advised to install the updated PowerShell 7.0.6 and 7.1.3 versions as soon as possible to prevent potential attacks.
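One way to check installed versions against the fixed releases named above, as an added example that is not code from Microsoft or from this article. The function name `Get-PwshCve202126701Status` is hypothetical and the sample version strings are constructed.

```powershell
# Added example: classify a PowerShell version against the fixed
# releases named in the article. Function name is hypothetical.
function Get-PwshCve202126701Status {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Version
    )
    begin {
        # Fixed release per affected branch, as stated in the article
        $fixed = @{ '7.0' = [version]'7.0.6'; '7.1' = [version]'7.1.3' }
    }
    process {
        # Separate the numeric core from any prerelease/build suffix
        $core = ($Version -split '[-+]')[0]
        $isPrerelease = $Version -match '^[^+]*-'
        $parsed = $null
        if (-not [version]::TryParse($core, [ref]$parsed)) {
            $status = 'Unparseable'
        }
        elseif ($parsed.Major -eq 5 -and $parsed.Minor -eq 1) {
            $status = 'Not impacted (Windows PowerShell 5.1)'
        }
        else {
            $branch = '{0}.{1}' -f $parsed.Major, $parsed.Minor
            # Assumption: a prerelease of a fixed build counts as unfixed
            $unfixedPre = $fixed.ContainsKey($branch) -and $isPrerelease -and
                          ($parsed -eq $fixed[$branch])
            if (-not $fixed.ContainsKey($branch)) {
                $status = 'Not covered by the article'
            }
            elseif ($parsed -lt $fixed[$branch] -or $unfixedPre) {
                $status = "Update to $($fixed[$branch])"
            }
            else {
                $status = 'Fixed'
            }
        }
        [pscustomobject]@{ Version = $Version; Status = $status }
    }
}

# Constructed sample inventory, followed by the local host's own version
'5.1.19041.1', '7.0.5', '7.0.6', '7.1.0-preview.3', '7.1.3', '7.2.0' |
    Get-PwshCve202126701Status
$PSVersionTable.PSVersion.ToString() | Get-PwshCve202126701Status
```

Versions outside the 7.0 and 7.1 branches are reported as not covered, because the article states fixed releases only for those two branches.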