CVE-2021-41355: .NET Core and Visual Studio Information Disclosure Vulnerability
by CIRT Team
Description:
An Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on non-Windows Operating systems.
CVE-2021-41355 impacts users of PowerShell 7.1.
To check the PowerShell version you are running and determine whether you are vulnerable to attacks exploiting this vulnerability, run the pwsh -v command from a command prompt.
Mitigations:
Admins are advised to install the updated PowerShell 7.0.8 and 7.1.5 versions as soon as possible to protect systems from potential attacks.
Please check the references/vendor advisory for more information.
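The version check described above can be scripted for non-Windows hosts. The following is an added example, not code from the vendor advisory or the PowerShell project: the function name classify_pwsh_version and its result labels are assumptions, and it compares only against the two fixed releases named on this page (7.0.8 and 7.1.5).

```shell
#!/bin/sh
# Added example: classify `pwsh -v` output against the fixed releases named in
# this advisory (7.0.8 for the 7.0 branch, 7.1.5 for the 7.1 branch).
# Prints one of: patched | needs-update | not-listed | unparsed

classify_pwsh_version() {
    raw=${1#PowerShell }            # `pwsh -v` prints e.g. "PowerShell 7.1.4"
    case $raw in *-*) pre=1 ;; *) pre=0 ;; esac
    ver=${raw%%-*}                  # drop a prerelease suffix such as "-preview.3"
    case $ver in
        ''|*[!0-9.]*) echo unparsed; return 0 ;;   # empty or non-numeric
        *.*.*) ;;                                  # need major.minor.patch
        *) echo unparsed; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}
    if [ -z "$major" ] || [ -z "$minor" ] || [ -z "$patch" ]; then
        echo unparsed; return 0
    fi
    # Only the branches the advisory names a fixed release for are judged.
    case "$major.$minor" in
        7.0) fixed=8 ;;
        7.1) fixed=5 ;;
        *) echo not-listed; return 0 ;;
    esac
    # A prerelease of the fixed version sorts before the fixed release itself.
    if [ "$patch" -lt "$fixed" ] || { [ "$patch" -eq "$fixed" ] && [ "$pre" -eq 1 ]; }; then
        echo needs-update
    else
        echo patched
    fi
}

# Report on the local install when pwsh is on PATH; do nothing otherwise.
if command -v pwsh >/dev/null 2>&1; then
    installed=$(pwsh -v)
    printf '%s: %s\n' "$installed" "$(classify_pwsh_version "$installed")"
fi
```

A result of not-listed means this page names no fixed release for that branch, so the vendor advisory should be consulted instead.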
Reference URLs:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355
https://github.com/PowerShell/Announcements/issues/26
https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/