Microsoft Urges Azure Users to Update PowerShell to PatchRCE Flaw
The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and have been remediated in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 isn’t impacted by the flaw.
Built on the .NET Common Language Runtime (CLR), PowerShell is a cross-platform task automation utility that consists of a command-line shell, a scripting language, and a configuration management framework.
- System.Text.Encodings.Web (version 4.0.0 – 4.5.0) Industry4.5.1
- System.Text.Encodings.Web (version 4.6.0 – 4.7.1) Industry4.7.2
- System.Text.Encodings.Web (version 5.0.0) Industry5.0.1
CVE-2021-26701 was originally addressed by Microsoft as part of its Patch Tuesday update for February 2021. Given that there are no workarounds that mitigate the vulnerability, it’s highly recommended to update to the latest versions.