CVE-2021-41355: .NET Core and Visual Studio Information Disclosure Vulnerability

Description:

An Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on non-Windows operating systems.

CVE-2021-41355 impacts users of PowerShell 7.1.
To check the PowerShell version you are running and determine if you are vulnerable to attacks exploiting these two bugs, you can execute the pwsh -v command from a Command Prompt.

Mitigations:

Admins are advised to install the updated PowerShell 7.0.8 and 7.1.5 versions as soon as possible to protect systems from potential attacks.
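
The version check and the patched releases named above, combined into one POSIX shell function for use across several hosts (an added example, not code from the vendor advisory). It assumes pwsh -v prints a line of the form "PowerShell 7.1.4"; the function name check_pwsh_version and its result strings are made up for this example.

```shell
#!/bin/sh
# Added example: classify the output of `pwsh -v` against the patched
# releases named in this advisory (7.0.8 and 7.1.5).
#
# check_pwsh_version "<output of pwsh -v>"   (hypothetical helper name)
# Prints exactly one of:
#   update-required  - 7.0.x older than 7.0.8, or 7.1.x older than 7.1.5
#   patched          - 7.0.x or 7.1.x at or above the patched release
#   not-covered      - a release branch this advisory gives no version for
#   unparsed         - input is not a recognisable `pwsh -v` line
check_pwsh_version() {
    # Assumed format: "PowerShell MAJOR.MINOR.PATCH", optionally followed
    # by a pre-release suffix such as "-preview.10", which is ignored.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^PowerShell \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p')
    if [ -z "$ver" ]; then
        echo unparsed
        return 0
    fi

    major=${ver%%.*}      # text before the first dot
    rest=${ver#*.}        # MINOR.PATCH
    minor=${rest%%.*}
    patch=${rest#*.}

    # Patched release per branch, taken from the Mitigations text.
    case "$major.$minor" in
        7.0) fixed=8 ;;
        7.1) fixed=5 ;;
        *)   echo not-covered; return 0 ;;
    esac

    if [ "$patch" -lt "$fixed" ]; then
        echo update-required
    else
        echo patched
    fi
}

# Stand-alone use: report on the local installation if pwsh is on PATH.
if command -v pwsh >/dev/null 2>&1; then
    echo "local pwsh: $(check_pwsh_version "$(pwsh -v)")"
fi
```

A result of not-covered means only that this page lists no patched version for that branch; consult the vendor advisory for it.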

Please check the references/vendor advisory for more information.

Reference URLs:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355
https://github.com/PowerShell/Announcements/issues/26
https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/