Multiple vulnerabilities in Windows PowerShell can be exploited to bypass logging restrictions and execute arbitrary code.
PUBLISH DATE: 11-14-2018
Multiple vulnerabilities have been reported in Windows PowerShell. By successfully exploiting them, malicious local users can bypass certain security restrictions. Malicious people may also compromise a vulnerable system. Updated versions are available.
The “ExpandArchive()” function contains an error when handling files. If exploited successfully, it will allow malicious people to execute arbitrary code.
A second error, in how logging handles special characters, can be exploited to bypass logging restrictions and subsequently execute code that is not logged.
Windows PowerShell 6.x
Update to a fixed version if available.
Update to version 6.0.5.
Update to version 6.1.1.
Fixed in the source code repository.
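A version check against the fixed releases listed above, as an added example that is not part of the original advisory. It assumes that 6.0 builds before 6.0.5 and 6.1 builds before 6.1.1 are affected; the helper name `Get-AdvisoryStatus` and the sample version strings are constructed for illustration.

```powershell
# Fixed releases named in the advisory, keyed by major.minor branch.
$FixedByBranch = @{
    '6.0' = [version]'6.0.5'
    '6.1' = [version]'6.1.1'
}

function Get-AdvisoryStatus {
    # Hypothetical helper, not a built-in cmdlet.
    param([Parameter(Mandatory)][string]$VersionString)

    # Split "6.1.0-rc.1" into the core "6.1.0" and the prerelease label "rc.1".
    $core, $label = $VersionString -split '-', 2
    $parsed = $null
    if (-not [version]::TryParse($core, [ref]$parsed)) { return 'Unparseable' }

    # Branches the advisory gives no fixed release for are reported, not guessed.
    $branch = '{0}.{1}' -f $parsed.Major, $parsed.Minor
    if (-not $FixedByBranch.ContainsKey($branch)) { return 'NotCovered' }

    $fixed = $FixedByBranch[$branch]
    # A missing patch component parses as -1; compare it as 0.
    $installed = [version]::new($parsed.Major, $parsed.Minor, [math]::Max($parsed.Build, 0))

    # Assumption: a prerelease of the fixed version sorts before the release,
    # so it is not counted as fixed.
    if ($installed -gt $fixed) { return 'Fixed' }
    if ($installed -eq $fixed -and -not $label) { return 'Fixed' }
    return 'Vulnerable'
}

# Constructed sample inputs. For the running host, pass
# $PSVersionTable.PSVersion.ToString() instead.
'6.0.4', '6.0.5', '6.1.0', '6.1.1', '6.1.0-rc.1', '5.1.17763.1', 'not-a-version' |
    ForEach-Object { [pscustomobject]@{ Version = $_; Status = Get-AdvisoryStatus $_ } }
```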