Patch PowerShell now, Microsoft tells admins


Microsoft has asked system administrators to patch their PowerShell 7 installations against two vulnerabilities that can allow attackers to bypass Windows Defender Application Control (WDAC) to run arbitrary code, and even gain access to plain text credentials.

PowerShell 7 is an open source, cross-platform edition of the command-line shell that helps Windows admins and power users automate a range of administrative tasks with the help of cmdlets.

“To exploit the vulnerability, an attacker needs administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code,” says Microsoft, explaining the impact of one of the vulnerabilities, tracked as CVE-2020-0951.


The second flaw, tracked as CVE-2021-41355, is an information disclosure vulnerability in .NET Core that could be exploited to leak credentials in clear text on devices running non-Windows platforms.

Update now

The WDAC mechanism was introduced with Windows 10 to ensure that only trusted apps and drivers can run inside the OS, and to block malicious software.

BleepingComputer explains that by exploiting the WDAC bypass vulnerability in PowerShell 7, threat actors could potentially execute PowerShell commands that would otherwise be flagged as malicious and blocked by WDAC.

The vulnerabilities exist in both PowerShell 7 and the updated PowerShell 7.1 release, and reportedly there isn’t any mitigation to prevent their exploitation. 

Microsoft advises admins to install the updated PowerShell 7.0.8 and 7.1.5 versions without delay to secure their installations.

“The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled,” Microsoft assures. 
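One way to check an inventory against the fixed releases named above, as an added example that is not from Microsoft or the original article. The function name `Get-PwshPatchStatus` and the sample version strings are assumptions made for illustration; only the 7.0.8 and 7.1.5 thresholds come from the article.

```powershell
# Added example: classify PowerShell versions against the fixed releases
# named in the article (7.0.8 for the 7.0 branch, 7.1.5 for the 7.1 branch).
# Get-PwshPatchStatus is a hypothetical helper name.
function Get-PwshPatchStatus {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Version
    )
    begin {
        # Fixed release per affected branch, taken from the article.
        $fixed = @{ '7.0' = [version]'7.0.8'; '7.1' = [version]'7.1.5' }
    }
    process {
        # Strip prerelease/build suffixes such as "-preview.3" before parsing.
        $core   = ($Version -split '[-+]')[0]
        $isPre  = $Version -match '-'
        $parsed = $null
        if (-not [version]::TryParse($core, [ref]$parsed)) {
            return [pscustomobject]@{ Version = $Version; Status = 'Unparseable' }
        }
        $branch = '{0}.{1}' -f $parsed.Major, $parsed.Minor
        if (-not $fixed.ContainsKey($branch)) {
            # The article only names the 7.0 and 7.1 branches.
            $status = 'NotCoveredByArticle'
        } elseif ($parsed -lt $fixed[$branch] -or
                  ($isPre -and $parsed -eq $fixed[$branch])) {
            # Older build, or a prerelease of the fixed version number.
            $status = 'NeedsUpdate'
        } else {
            $status = 'Patched'
        }
        [pscustomobject]@{ Version = $Version; Status = $status }
    }
}

# The current session first, then constructed inventory strings.
@(
    $PSVersionTable.PSVersion.ToString()
    '7.0.7', '7.0.8', '7.1.4', '7.1.5', '7.1.0-preview.3'
) | Get-PwshPatchStatus
```

Feed it the version strings your software inventory reports for each host; anything marked `NeedsUpdate` should move to 7.0.8 or 7.1.5.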

Via BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
