Microsoft has released updates to address a feature bypass vulnerability in PowerShell Core versions 6.1 and 6.2. Users should upgrade to the latest PowerShell versions to prevent an attacker from taking over affected systems.
The security issue is a Windows Defender Application Control Security Feature Bypass Vulnerability CVE-2019-1167 (rated important).
Microsoft said attacker exploitation of this bug is more likely.
“A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could circumvent PowerShell Core Constrained Language Mode on the machine,” Microsoft warned in the advisory.
Mitigations
Organizations and users should upgrade to the latest versions of PowerShell Core to address the vulnerability:
| PowerShell Core Version | Upgrade to |
| 6.1 | 6.1.5 |
| 6.2 | 6.2.2 |
You can also check out the GitHub update for more details on the vulnerability and guidance.
The update comes nearly a week after Microsoft released the July patch updates.