Patch PowerShell now, Microsoft tells admins

The patched versions correct how WDAC validates commands, assures Microsoft


Microsoft has asked system administrators to patch their PowerShell 7 installations against two vulnerabilities that can allow attackers to bypass Windows Defender Application Control (WDAC) to run arbitrary code, and even gain access to plain text credentials.

PowerShell 7 is an open source, cross-platform edition of the command-line shell that helps Windows admins and power users automate a range of administrative tasks with the help of cmdlets.

“To exploit the vulnerability, an attacker needs administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code,” says Microsoft to explain the impact of one of the vulnerabilities, tracked as CVE-2020-0951.


The second flaw, tracked as CVE-2021-41355, is an information disclosure vulnerability in .NET Core that could be exploited to leak credentials in clear text on devices running non-Windows platforms.

Update now


The WDAC mechanism was introduced with Windows 10 to ensure that only trusted apps and drivers can run inside the OS, and block any malicious software or malware.

BleepingComputer explains that by exploiting the WDAC bypass vulnerability in PowerShell 7, threat actors could potentially execute PowerShell commands that would otherwise be flagged as malicious and blocked by WDAC.

The vulnerabilities exist in both PowerShell 7 and the updated PowerShell 7.1 release, and reportedly there isn’t any mitigation to prevent their exploitation.


Microsoft advises admins to install the updated PowerShell versions 7.0.8 and 7.1.5 without delay to secure their installations.

“The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled,” Microsoft assures.
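As an added example (not from Microsoft or the original article), the PowerShell function below classifies a version string against the fixed releases the article names, 7.0.8 and 7.1.5. The function name, status labels and sample versions are assumptions made for illustration; branches the article does not mention are reported as not covered rather than guessed at.

```powershell
# Fixed releases named in the article, keyed by release branch.
$FixedByBranch = @{
    '7.0' = [version]'7.0.8'
    '7.1' = [version]'7.1.5'
}

function Test-PwshAdvisoryStatus {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [string]$Version
    )
    # Accept "7.1.4", "7.1.5-preview.1" or four-part strings such as "5.1.19041.1".
    $m = [regex]::Match($Version, '^(\d+)\.(\d+)\.(\d+)(-\S+)?')
    if (-not $m.Success) { throw "Unrecognised version string: $Version" }

    $parsed = [version]('{0}.{1}.{2}' -f $m.Groups[1].Value, $m.Groups[2].Value, $m.Groups[3].Value)
    $branch = '{0}.{1}' -f $parsed.Major, $parsed.Minor
    $isPrerelease = $m.Groups[4].Success
    $fixed = $FixedByBranch[$branch]   # $null when the branch is not in the table

    if ($null -eq $fixed) {
        $status = 'NotCovered'         # branch not mentioned in the article
    }
    elseif ($parsed -lt $fixed -or ($parsed -eq $fixed -and $isPrerelease)) {
        $status = 'NeedsUpdate'        # older build, or a pre-release of the fixed build
    }
    else {
        $status = 'Patched'
    }

    [pscustomobject]@{
        Version = $Version
        Branch  = $branch
        FixedIn = $fixed
        Status  = $status
    }
}

# The running shell first, then constructed sample versions for illustration.
$samples = @($PSVersionTable.PSVersion.ToString(),
             '7.0.7', '7.0.8', '7.1.4', '7.1.5', '7.1.5-preview.1', '5.1.19041.1')
$samples | ForEach-Object { Test-PwshAdvisoryStatus -Version $_ } | Format-Table -AutoSize
```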

Via BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
