CVE-2020-0951: Windows Defender Application Control Security Feature Bypass Vulnerability

Description:

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.

The CVE-2020-0951 vulnerability affects both PowerShell 7 and PowerShell 7.1 versions. To check the PowerShell version you are running and determine whether you are vulnerable to attacks exploiting this vulnerability, you can execute the pwsh -v command from a Command Prompt.

Mitigations:

Admins are advised to install the updated PowerShell 7.0.8 and 7.1.5 versions as soon as possible to protect systems from potential attacks.
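
The version check and the fixed releases above can be combined into one audit step. The following is an added example, not code from the vendor advisory; the function name Test-PwshCve20200951 and the sample version lines are hypothetical, and treating a pre-release build of a fixed version as still vulnerable is an assumption.

```powershell
# Added example: classify a `pwsh -v` output line against the fixed releases
# named in the Mitigations section. Test-PwshCve20200951 is a hypothetical name.
function Test-PwshCve20200951 {
    param([Parameter(Mandatory)][string]$VersionLine)

    # Fixed release per affected branch, as stated on this page.
    $fixed = @{ '7.0' = [version]'7.0.8'; '7.1' = [version]'7.1.5' }

    # `pwsh -v` prints e.g. "PowerShell 7.1.3"; preview builds carry a
    # "-preview.N" style suffix after the three numeric parts.
    if ($VersionLine -notmatch '(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?') {
        return 'Unknown'
    }
    $branch       = '{0}.{1}' -f $Matches[1], $Matches[2]
    $current      = [version]('{0}.{1}.{2}' -f $Matches[1], $Matches[2], $Matches[3])
    $isPrerelease = $Matches.ContainsKey(4)

    # Branches other than 7.0 and 7.1 are not covered by this page.
    if (-not $fixed.ContainsKey($branch)) { return 'NotListed' }

    if ($current -lt $fixed[$branch]) { return 'Vulnerable' }

    # Assumption: a pre-release of the fixed version predates the final fix.
    if ($current -eq $fixed[$branch] -and $isPrerelease) { return 'Vulnerable' }

    return 'Patched'
}

# Constructed sample lines in the shape `pwsh -v` prints; not from real hosts.
$samples = 'PowerShell 7.0.3', 'PowerShell 7.0.8', 'PowerShell 7.1.0-preview.5',
           'PowerShell 7.1.5', 'PowerShell 7.2.0', 'not a version string'

foreach ($line in $samples) {
    '{0,-28} {1}' -f $line, (Test-PwshCve20200951 -VersionLine $line)
}

# On a live host, pass the real output instead:
# Test-PwshCve20200951 -VersionLine (& pwsh -v)
```

A result of NotListed means only that the branch is outside the versions this page names; consult the vendor advisory for those.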

Please check the references/vendor advisory for more information.

Reference URLs:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0951
https://github.com/PowerShell/Announcements/issues/26
https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/
