Microsoft tells sysadmins to update PowerShell 7 to fix flaw that could expose credentials in Linux
Microsoft has issued a stark warning to system administrators, advising them of the importance of updating PowerShell 7 as soon as possible.
Versions prior to PowerShell 7.0.8 and PowerShell 7.1.5 are vulnerable to a .NET Core Information Disclosure flaw that is being tracked as CVE-2021-41355. There is a degree of urgency to upgrading to a non-vulnerable version of PowerShell, as the flaw could expose credentials in plain text in Linux.
Sysadmins are advised to check which version of PowerShell they currently have installed using the pwsh -v command.
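The version check described above can be scripted. The following is an added example, not code from Microsoft or from the article: the function name classify_pwsh_version and the sample strings are constructed here, and the script only knows the two fixed releases the article names (7.0.8 and 7.1.5), so anything outside the 7.0 and 7.1 branches is reported as not-listed.

```shell
#!/bin/sh
# Added example (not Microsoft's code): classify a PowerShell version against
# the fixed releases named in the article, 7.0.8 and 7.1.5.

# Prints one of: vulnerable | patched | not-listed | unknown
classify_pwsh_version() {
    ver=${1#PowerShell }            # "pwsh -v" prints e.g. "PowerShell 7.1.4"
    case $ver in
        [0-9]*.[0-9]*.[0-9]*-*) echo not-listed; return 0 ;;  # pre-release build
        [0-9]*.[0-9]*.[0-9]*) ;;                              # major.minor.patch
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}
    case $major$minor$patch in
        *[!0-9]*) echo unknown; return 0 ;;   # reject non-numeric components
    esac
    # The article names fixed releases for the 7.0 and 7.1 branches only.
    if [ "$major" -eq 7 ] && [ "$minor" -eq 0 ]; then
        fixed=8
    elif [ "$major" -eq 7 ] && [ "$minor" -eq 1 ]; then
        fixed=5
    else
        echo not-listed; return 0
    fi
    if [ "$patch" -lt "$fixed" ]; then echo vulnerable; else echo patched; fi
}

# Constructed sample strings, in the format "pwsh -v" prints.
for sample in "PowerShell 7.0.7" "PowerShell 7.0.8" "PowerShell 7.1.4" "PowerShell 7.1.5"; do
    printf '%s -> %s\n' "$sample" "$(classify_pwsh_version "$sample")"
done

# Check the local install only when pwsh is actually present.
if command -v pwsh >/dev/null 2>&1; then
    installed=$(pwsh -v)
    printf 'installed: %s -> %s\n' "$installed" "$(classify_pwsh_version "$installed")"
fi
```

A not-listed result means the article gives no fixed version for that branch, not that the build is safe.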
Describing the flaw, Microsoft says:
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
An Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on non-Windows Operating systems.
In another post, Microsoft specifically mentions Linux as the non-Windows operating system.