CVE-2020-0951: Windows Defender Application Control Security Feature Bypass Vulnerability
by CIRT Team
Description:
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.
The CVE-2020-0951 vulnerability affects both PowerShell 7 and PowerShell 7.1 versions. To check which PowerShell version you are running and determine whether you are vulnerable to attacks exploiting this vulnerability, run the pwsh -v command from a Command Prompt.
Mitigations:
Admins are advised to install the updated PowerShell 7.0.8 and 7.1.5 versions as soon as possible to protect systems from potential attacks.
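As an added example (not part of the original advisory and not Microsoft's code), the following PowerShell function classifies the output of pwsh -v against the fixed versions named above. The function name Test-PwshWdacFix and the sample version lines are constructed for illustration; branches other than 7.0 and 7.1 are reported as not listed here rather than guessed.

```powershell
# Added example; Test-PwshWdacFix is a hypothetical helper name.
function Test-PwshWdacFix {
    param([Parameter(Mandatory)][string]$VersionLine)  # e.g. "PowerShell 7.1.4"

    # Fixed release per affected branch, as stated in this advisory.
    $fixed = @{ '7.0' = [version]'7.0.8'; '7.1' = [version]'7.1.5' }

    # major.minor.patch plus an optional prerelease tag such as "-preview.3".
    $m = [regex]::Match($VersionLine, '(\d+)\.(\d+)\.(\d+)(-[\w.]+)?')
    if (-not $m.Success) {
        return [pscustomobject]@{ Input = $VersionLine; Status = 'Unparsed'; FixedIn = $null }
    }
    $branch    = '{0}.{1}' -f $m.Groups[1].Value, $m.Groups[2].Value
    $installed = [version]('{0}.{1}' -f $branch, $m.Groups[3].Value)

    if (-not $fixed.ContainsKey($branch)) {
        # The advisory names only 7.0 and 7.1; do not guess for other branches.
        $status = 'NotListed'
    }
    elseif ($installed -lt $fixed[$branch] -or
            ($installed -eq $fixed[$branch] -and $m.Groups[4].Success)) {
        # Below the fix, or a prerelease build carrying the fixed number.
        $status = 'UpdateRequired'
    }
    else {
        $status = 'Patched'
    }
    [pscustomobject]@{ Input = $VersionLine; Status = $status; FixedIn = $fixed[$branch] }
}

# Constructed sample lines standing in for `pwsh -v` output collected from hosts.
$samples = 'PowerShell 7.0.6', 'PowerShell 7.0.8', 'PowerShell 7.1.4',
           'PowerShell 7.1.0-preview.3', 'PowerShell 7.2.0', 'not a version'
$samples | ForEach-Object { Test-PwshWdacFix -VersionLine $_ }

# Check the local install when pwsh is on PATH.
if (Get-Command pwsh -ErrorAction SilentlyContinue) {
    Test-PwshWdacFix -VersionLine (pwsh -v)
}
```

Hosts reported as NotListed or Unparsed should be checked against the vendor advisory directly.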
Please check the references/vendor advisory for more information.
Reference URLs:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0951
https://github.com/PowerShell/Announcements/issues/26
https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/