• Home
  • |
  • Blog
  • |
  • A Critical RCE PowerShell Vulnerability – Upgrade PowerShell At The Earliest
Critical RCE PowerShell Vulnerability

Microsoft found a critical RCE PowerShell vulnerability that could allow an attacker to launch a remote code execution vulnerability. Microsoft recommends Azure users to upgrade PowerShell to protect against the RCE vulnerability.

What Is PowerShell?

“PowerShell is a cross-platform task automation utility made up of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on most of the Windows, Linux, and macOS platforms.” Click here to read more about PowerShell.

PowerShell Vulnerability Affected Versions:

The issue lice with CVE-2021-26701. PowerShell v 7.0 & v7.1 were affected by this vulnerability, and it has been fixed in v 7.0.6 and 7.1.3, respectively. Microsoft says that Windows PowerShell v5.1 is considered safe from vulnerability.

The actual RCE PowerShell vulnerability is residing in the “System.Text.Encodings.Web” package. A web encoder package used for HTML, JavaScript, and Url character encoding.

Vulnerable Package Versions:

Package NameVulnerable VersionsSecure Versions
System.Text.Encodings.Web4.0.0 – 4.5.04.5.1
System.Text.Encodings.Web4.6.0-4.7.14.7.2
System.Text.Encodings.Web5.0.05.0.1
Table #1: PowerShell vulnerability affected version

How To Check The PowerShell Version?

There are different ways to see the version of the PowerShell. However, we have shared three simple commands to check the PowerShell version.

  1. >$PSVersionTable
  2. >get-host
  3. >Get-Host | Select-Object Version

How To Fix The Critical RCE PowerShell Vulnerability?

The best way to fix this Critical RCE PowerShell Vulnerability is to Upgrade PowerShell to the latest version.

• Version 7.0 to 7.0.6
• Version 7.1 to 7.1.3

PowerShell is a multi-platform utility. Here you can see the procedure to install/upgrade PowerShell on a different platform.

Thanks for reading this post. Would you mind sharing this with Azure users and making them aware of this critical RCE PowerShell vulnerability?

About the author

Arun KL

To know more about me. Follow me on LinkedIn Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.