Rewterz Threat Advisory – Microsoft Windows Server 2019 Multiple Vulnerabilities
Multiple vulnerabilities in Windows PowerShell can be exploited to bypass logging restrictions and execute arbitrary code.
IMPACT: NORMAL
PUBLISH DATE: 11-14-2018
OVERVIEW
Multiple vulnerabilities have been reported in Windows PowerShell. By successfully exploiting them, malicious local users can bypass certain security restrictions. Malicious people may also compromise a vulnerable system. Updated versions are available.
ANALYSIS
The “ExpandArchive()” function contains an error when handling files. Successful exploitation allows malicious people to execute arbitrary code.
A second error, in how log management handles special characters, can be exploited to bypass logging restrictions and subsequently execute code that is not logged.
AFFECTED PRODUCTS
Windows PowerShell 6.x
- versions 6.0 prior to 6.0.5
- versions 6.1 prior to 6.1.1
- versions 6.2
UPDATES
Update to a fixed version if available.
- Versions 6.0: Update to version 6.0.5.
- Versions 6.1: Update to version 6.1.1.
- Versions 6.2: Fixed in the source code repository.
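A version check against the affected and fixed releases listed above, as an added example (not part of the original advisory and not vendor code). The function name, the status labels and the sample inventory are assumptions made for illustration.

```powershell
# Added example: classify a PowerShell version against the ranges in this advisory.
# Fixed versions 6.0.5 and 6.1.1 come from the advisory; all names here are hypothetical.
function Get-AdvisoryStatus {
    param(
        [Parameter(Mandatory)]
        [string]$VersionString   # e.g. "6.1.0" or "6.2.0-preview.1"
    )

    # Drop any prerelease/build suffix so [version] can parse the numeric part.
    $numeric = ($VersionString -split '[-+]')[0]
    $parsed = $null
    if (-not [version]::TryParse($numeric, [ref]$parsed)) {
        return 'Unparsed'
    }

    $branch = '{0}.{1}' -f $parsed.Major, $parsed.Minor
    switch ($branch) {
        '6.0' { if ($parsed -lt [version]'6.0.5') { return 'Affected' } else { return 'Fixed' } }
        '6.1' { if ($parsed -lt [version]'6.1.1') { return 'Affected' } else { return 'Fixed' } }
        # The advisory names no fixed 6.2 release, only a fix in the source repository.
        '6.2' { return 'CheckBuild' }
        default { return 'NotListed' }
    }
}

# Constructed inventory (computer names and versions are sample data, not from the advisory).
$inventory = @(
    [pscustomobject]@{ ComputerName = 'build-01'; PSVersion = '6.0.4' }
    [pscustomobject]@{ ComputerName = 'build-02'; PSVersion = '6.0.5' }
    [pscustomobject]@{ ComputerName = 'ops-01';   PSVersion = '6.1.0' }
    [pscustomobject]@{ ComputerName = 'ops-02';   PSVersion = '6.2.0-preview.1' }
    [pscustomobject]@{ ComputerName = 'admin-01'; PSVersion = '5.1.17763.1' }
)

$inventory | Select-Object ComputerName, PSVersion,
    @{ Name = 'Status'; Expression = { Get-AdvisoryStatus $_.PSVersion } }

# Check the session this script is running in.
Get-AdvisoryStatus $PSVersionTable.PSVersion.ToString()
```

Hosts reported as `CheckBuild` run a 6.2 build, for which the advisory gives no fixed release number, so they need to be compared against the source-repository fix by hand.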
If you think you’re the victim of a cyber-attack, immediately send an email to soc@rewterz.com.