Microsoft asks admins to patch PowerShell to fix WDAC bypass

LASER_oneXM

Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials.

PowerShell is a cross-platform solution that provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.
Redmond released PowerShell 7.0.8 and PowerShell 7.1.5 to address these security flaws in the PowerShell 7 and PowerShell 7.1 branches in September and October.

How to tell if you are affected

The CVE-2020-0951 vulnerability affects both PowerShell 7 and PowerShell 7.1 versions, while CVE-2021-41355 only impacts users of PowerShell 7.1.
To check the PowerShell version you are running and determine if you are vulnerable to attacks exploiting these two bugs, you can execute the pwsh -v command from a Command Prompt.

Microsoft says no mitigation measures are currently available to block the exploitation of these security flaws.
Admins are advised to install the updated PowerShell 7.0.8 and 7.1.5 versions as soon as possible to protect systems from potential attacks.
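
The version check described above can be scripted. The following is an added example, not part of the original post or Microsoft's advisory: it classifies the output of `pwsh -v` against the fixed builds and CVE-to-branch mapping quoted in the article. The function name `Test-PwshAdvisory`, the status labels and the sample version strings are assumptions made for illustration.

```powershell
# Added example: classify a `pwsh -v` line against the fixed builds named in
# the article (7.0.8 and 7.1.5). Function name and labels are hypothetical.
function Test-PwshAdvisory {
    param([Parameter(Mandatory)][string]$VersionLine)

    # `pwsh -v` prints e.g. "PowerShell 7.1.4"; keep only major.minor.patch
    # so preview suffixes do not break the comparison.
    if ($VersionLine -notmatch '(\d+)\.(\d+)\.(\d+)') {
        throw "Unrecognised version string: $VersionLine"
    }
    $v = [version]::new([int]$Matches[1], [int]$Matches[2], [int]$Matches[3])

    # Per the article: CVE-2020-0951 affects 7.0 and 7.1,
    # CVE-2021-41355 affects 7.1 only.
    $branches = @{
        '7.0' = @{ Fixed = [version]'7.0.8'; Cves = @('CVE-2020-0951') }
        '7.1' = @{ Fixed = [version]'7.1.5'; Cves = @('CVE-2020-0951', 'CVE-2021-41355') }
    }
    $branch = $branches['{0}.{1}' -f $v.Major, $v.Minor]

    if (-not $branch) {
        # The article only covers the 7.0 and 7.1 branches.
        $status = 'BranchNotListed'; $cves = @(); $fixed = $null
    } elseif ($v -lt $branch.Fixed) {
        $status = 'Vulnerable'; $cves = $branch.Cves; $fixed = $branch.Fixed
    } else {
        $status = 'Patched'; $cves = @(); $fixed = $branch.Fixed
    }

    [pscustomobject]@{
        Version   = $v
        Status    = $status
        OpenCves  = $cves -join ', '
        UpgradeTo = $fixed
    }
}

# Constructed sample inputs, one per outcome.
'PowerShell 7.0.7', 'PowerShell 7.1.4', 'PowerShell 7.1.5', 'PowerShell 7.2.0' |
    ForEach-Object { Test-PwshAdvisory -VersionLine $_ }

# Live check: only runs if a pwsh binary is actually on PATH.
$pwsh = Get-Command pwsh -ErrorAction SilentlyContinue
if ($pwsh) { Test-PwshAdvisory -VersionLine (& $pwsh.Source -v) }
```

A machine that only has Windows PowerShell 5.1 has no `pwsh` binary, so the live check prints nothing there.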
 

Sammo

Doesn't work.
 

Attachments

  • pwsh-1.jpg

ForgottenSeer 92963

The MSI version for home users can be downloaded and installed from here:


This should patch the flaw in the affected PS version on Windows 11. Users are advised to install it ASAP.
I still have 5.1 on Windows 11, so I would rather advise to check which version is installed first (see post #3).

According to the info @notyonachos posted, home users don't need V7, also V5 and V7 keep existing side by side. So when home users have "upgraded" to V7, I would strongly advise to de-install this V7 powershell attack surface "upgrade".
 