Microsoft tells sysadmins to update PowerShell 7 to fix flaw that could expose credentials in Linux

Microsoft has issued a stark warning to system administrators, advising them of the importance of updating PowerShell 7 as soon as possible.

Versions prior to PowerShell 7.0.8 and PowerShell 7.1.5 are vulnerable to a .NET Core Information Disclosure flaw that is being tracked as CVE-2021-41355. There is a degree of urgency in upgrading to a non-vulnerable version of PowerShell, as the flaw could expose credentials in plain text on Linux.

Sysadmins are advised to check which version of PowerShell they currently have installed using the pwsh -v command.
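One way to script that check on a Linux host, as an added example that is not from the article or from Microsoft. The function name classify_pwsh_version and the sample strings are assumptions made here, and the script reads "prior to 7.0.8 and 7.1.5" as applying per release branch (7.0.x and 7.1.x), reporting anything else as unknown.

```shell
#!/bin/sh
# Added example: classify a "pwsh -v" version string against the fixed
# releases named in the article (7.0.8 for 7.0.x, 7.1.5 for 7.1.x).

# classify_pwsh_version "PowerShell 7.1.4" -> prints vulnerable | fixed | unknown
classify_pwsh_version() {
    ver=${1#PowerShell }            # drop the leading product label, if any
    case $ver in
        *-*) echo unknown; return 0 ;;          # pre-release builds: not covered
        [0-9]*.[0-9]*.[0-9]*) ;;                # needs major.minor.patch
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}
    case "$major$minor$patch" in
        *[!0-9]*) echo unknown; return 0 ;;     # reject non-numeric components
    esac
    if [ "$major" -ne 7 ]; then echo unknown; return 0; fi
    case $minor in
        0) fixed=8 ;;               # 7.0 branch: fixed in 7.0.8
        1) fixed=5 ;;               # 7.1 branch: fixed in 7.1.5
        *) echo unknown; return 0 ;;            # branch not named in the article
    esac
    if [ "$patch" -lt "$fixed" ]; then echo vulnerable; else echo fixed; fi
}

# Constructed sample strings, so the script shows output without pwsh installed.
for sample in "PowerShell 7.0.7" "PowerShell 7.1.5" "PowerShell 7.2.0-preview.10"; do
    echo "$sample -> $(classify_pwsh_version "$sample")"
done

# Check the locally installed version, if pwsh is on PATH.
if command -v pwsh >/dev/null 2>&1; then
    installed=$(pwsh -v)
    echo "$installed -> $(classify_pwsh_version "$installed")"
else
    echo "pwsh not found on PATH"
fi
```

An "unknown" result means the version falls outside the two branches the article names and needs checking against Microsoft's advisory directly.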

Describing the flaw, Microsoft says:

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

An Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on non-Windows Operating systems.

In another post, Microsoft specifically mentions Linux as the non-Windows operating system.
