A Critical RCE PowerShell Vulnerability – Upgrade PowerShell At The Earliest

Microsoft found a critical RCE PowerShell vulnerability that could allow an attacker to launch a remote code execution vulnerability. Microsoft recommends Azure users to upgrade PowerShell to protect against the RCE vulnerability.

What Is PowerShell?

“PowerShell is a cross-platform task automation utility made up of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on most of the Windows, Linux, and macOS platforms.” Click here to read more about PowerShell.

PowerShell Vulnerability Affected Versions:

The issue lice with CVE-2021-26701. PowerShell v 7.0 & v7.1 were affected by this vulnerability, and it has been fixed in v 7.0.6 and 7.1.3, respectively. Microsoft says that Windows PowerShell v5.1 is considered safe from vulnerability.

The actual RCE PowerShell vulnerability is residing in the “System.Text.Encodings.Web” package. A web encoder package used for HTML, JavaScript, and Url character encoding.

Vulnerable Package Versions:

How To Check The PowerShell Version?

There are different ways to see the version of the PowerShell. However, we have shared three simple commands to check the PowerShell version.

1. >$PSVersionTable
2. >get-host
3. >Get-Host | Select-Object Version

How To Fix The Critical RCE PowerShell Vulnerability?

The best way to fix this Critical RCE PowerShell Vulnerability is to Upgrade PowerShell to the latest version.

• Version 7.0 to 7.0.6
• Version 7.1 to 7.1.3

PowerShell is a multi-platform utility. Here you can see the procedure to install/upgrade PowerShell on a different platform.

• Installing PowerShell on Windows
• Installing PowerShell on Linux
• Installing PowerShell on macOS
• Installing PowerShell on ARM

Thanks for reading this post. Would you mind sharing this with Azure users and making them aware of this critical RCE PowerShell vulnerability?

• Top 6 Scripting Languages for hackers and pentesters:
• Step by step procedure to fix the new sudo vulnerability (CVE-2021-3156)
• How to quickly find and fix vulnerabilities on Windows in no time?
• Build your own OTT platforms like Netflix using Raspberry Pi and Plex media server:
• How to Fix a Critical 0-day WordPress Plugins Vulnerability (CVE-2021-24370) found in Fancy Product Designer