CVE-2020-0951: Windows Defender Application Control Security Feature Bypass Vulnerability
Description:
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.
The CVE-2020-0951 vulnerability affects both PowerShell 7 and PowerShell 7.1 versions.To check the PowerShell version you are running and determine if you are vulnerable to attacks exploiting these two bugs, you can execute the pwsh -v command from a Command Prompt.
Mitigations:
Admins are advised to install the updated PowerShell 7.0.8 and 7.1.5 versions as soon as possible to protect systems from potential attacks.
Please check the references/vendor advisory for more information.
Reference URL’s:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0951
https://github.com/PowerShell/Announcements/issues/26
https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/
Recommended Posts
Dropbox discloses breach after hacker stole 130 GitHub repositories
02 Nov 2022 - Security Advisories & Alerts
Subscribe here
MEMBER OF:
