Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials.

Redmond released PowerShell 7.0.8 and PowerShell 7.1.5 to address these security flaws.

By exploiting the Windows Defender Application Control security feature bypass vulnerability tracked as CVE-2020-0951, threat actors can circumvent WDAC's allowlist, which allows them to execute PowerShell commands.

The second flaw (CVE-2021-41355) is an information disclosure vulnerability in .NET Core where credentials could be leaked in clear text.

The CVE-2020-0951 vulnerability affects both PowerShell 7 and PowerShell 7.1 versions, while CVE-2021-41355 only impacts users of PowerShell 7.1.

Source: bleepingcomputer.com