Microsoft tells sysadmins to update PowerShell 7 to fix flaw that could expose credentials in Linux


Microsoft has issued a stark warning to system administrators, advising them of the importance of updating PowerShell 7 as soon as possible.

Versions prior to PowerShell 7.0.8 and PowerShell 7.1.5 are vulnerable to a .NET Core Information Disclosure flaw that is being tracked as CVE-2021-41355. There is a degree of urgency to upgrading to a non-vulnerable version of PowerShell, as the flaw could expose credentials in plain text in Linux.



Sysadmins are advised to check which version of PowerShell they currently have installed using the pwsh -v command.
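As an added example (not code from Microsoft or from this article), the shell function below classifies the string printed by pwsh -v against the fixed releases named above, 7.0.8 and 7.1.5. The function name ps7_status, the "unknown" result for release branches the article does not mention, and the treatment of a prerelease of a fixed version as still vulnerable are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: compare a PowerShell version string with the fixed
# releases named in the article (7.0.8 and 7.1.5).

# ps7_status "<output of pwsh -v>" -> prints vulnerable | patched | unknown
ps7_status() {
    local ver pre major minor patch fixed
    # pwsh -v prints e.g. "PowerShell 7.1.4"; keep the last field.
    ver="${1##* }"
    # Split off a prerelease suffix such as "-preview.3" or "-rc.1".
    pre=""
    case "$ver" in *-*) pre="${ver#*-}"; ver="${ver%%-*}" ;; esac
    IFS=. read -r major minor patch <<EOF
$ver
EOF
    # Require exactly three numeric components.
    case "$major$minor$patch" in ''|*[!0-9]*) echo unknown; return ;; esac
    [ -n "$major" ] && [ -n "$minor" ] && [ -n "$patch" ] || { echo unknown; return; }
    [ "$major" -eq 7 ] || { echo unknown; return; }
    case "$minor" in
        0) fixed=8 ;;                 # 7.0 branch is fixed in 7.0.8
        1) fixed=5 ;;                 # 7.1 branch is fixed in 7.1.5
        *) echo unknown; return ;;    # assumption: other branches are not judged
    esac
    # Assumption: a prerelease of the fixed version predates the fix.
    if [ "$patch" -lt "$fixed" ] || { [ "$patch" -eq "$fixed" ] && [ -n "$pre" ]; }; then
        echo vulnerable
    else
        echo patched
    fi
}

# Constructed sample strings, not output captured from real hosts.
for sample in 'PowerShell 7.0.7' 'PowerShell 7.0.8' 'PowerShell 7.1.4' \
              'PowerShell 7.1.5' 'PowerShell 7.1.0-preview.3'; do
    printf '%s -> %s\n' "$sample" "$(ps7_status "$sample")"
done

# Check the local installation when pwsh is on the PATH.
if command -v pwsh >/dev/null 2>&1; then
    local_ver="$(pwsh -v)"
    printf 'local: %s -> %s\n' "$local_ver" "$(ps7_status "$local_ver")"
fi
```
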

Describing the flaw, Microsoft says:

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

An Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on non-Windows Operating systems.

In another post, Microsoft specifically mentions Linux as the non-Windows operating system.
