A few news outlets have been sort of chasing a somewhat cryptic warning issued from Microsoft on Thursday, right before the holiday weekend, titled: Update PowerShell versions 7.0 and 7.1 to protect against a vulnerability.
Microsoft writes:
If you manage your Azure resources from PowerShell version 7.0 or 7.1, we’ve released new versions of PowerShell to address a .NET Core remote code execution vulnerability in versions 7.0 and 7.1.
We recommend that you install the updated versions as soon as possible.
Windows PowerShell 5.1 isn’t affected by this issue.
Also included is a link to https://github.com/advisories/GHSA-ghhp-997w-qr28 showing limited details about the vulnerability.
I find this warning and the corresponding GitHub page difficult to decode.
- Is the risk limited to just Azure management via PowerShell?
- Are they recommending everyone update PowerShell across their server infrastructure? Or to update PowerShell on servers running applications that use the DOT NET framework?
Anyone else following this? Any thoughts?