-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2061
        Security updates for PowerShell Core 6.2 and PowerShell 7.0
                               15 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Powershell Core 6.2
                   Powershell 7.0
Publisher:         Microsoft
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1108  

Reference:         ASB-2020.0098
                   ESB-2020.2045
                   ESB-2020.2021
                   ESB-2020.2010
                   ESB-2020.1982

Original Bulletin: 
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1108

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: June 11, 2020
**************************************************************************************

Summary
=======

The following CVE has undergone a major revision increment:

* CVE-2020-1108

  
Revision Information:
=====================

* CVE-2020-1108

 - CVE-2020-1108 | .NET Core & .NET Framework Denial of Service Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1108
 - Version: 5.0
 - Reason for Revision: To comprehensively address CVE-2020-1108, Microsoft has released
   updates for PowerShell Core 6.2 and PowerShell 7.0. Customers who use any of these
   versions of PowerShell should install the latest version of PowerShell. See the
   Release Notes (https://github.com/powershell/announcements/issues/20) for the
   latest version numbers and instructions for updating PowerShell.
 - Originally posted: May 12, 2020
 - Updated: June 11, 2020
 - Aggregate CVE Severity Rating: Important


**************************************************************************************
 
Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
======================================================================================

If you receive an email message that claims to be distributing a Microsoft security
update, it is a hoax that may contain malware or pointers to malicious websites.
Microsoft does not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security 
notifications. However, PGP is not required for reading security notifications, 
reading security bulletins, or installing security updates. You can obtain the MSRC
public PGP key at <https://technet.microsoft.com/security/dn753714>.

**************************************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT 
WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, 
INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES 
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS 
PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL 
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
**************************************************************************************
Microsoft respects your privacy. Please read our online Privacy Statement at 
<http://go.microsoft.com/fwlink/?LinkId=81184>.

If you would prefer not to receive future technical security notification alerts by 
email from Microsoft and its family of companies please visit the following website 
to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar
d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

These settings will not affect any newsletters you've requested or any mandatory 
service communications that are considered part of certain Microsoft services.

For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
- -----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEELTQbGKdJ0A4NErYObMczVWaPe3UFAl7j6ZIACgkQbMczVWaP
e3V2wQf/e+A5HzMDq7jmWf5WpCv7W2O/UY8nSCEVREExV0znfu36iruJ3gUKAX82
ZKmc1nI5ZXmOaNH1Y0l306P6ZReAAfqGOnmQyb/h6Y9gLy9YRxHuf+k14FswbKyw
0FOUabnVEyGYRNhcDt66GS1gB7PKMmBQEVXsFCu9Za2O4ARKK7GPddPbCSw0Lous
nJiKhMXTIBlc0LkKMjl91isnccrkgbtfoxsWaBui5yDeo8xPfzIMKkAIgQe1JtEA
1bcP2oQXSo7xda5o73qK/3vhU/iiOvN4M41Qc652GM1+Q1GdZ8YQP9tDrpLlA9UW
oX9Dx3DyyqUwtO2wni6e2JKAmPTZ1A==
=rVoO
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXubSJeNLKJtyKPYoAQi7JQ//YleEqCLSDRtFGxeqJLxS7UoJjAu+NMoU
y1B6KOqKVUMxS9fI1siK8m6Xjxwlp7efRVSEEWXLMTfQtgdmDbkytIDXeLWqeiv2
HD+LxnDqmjeNrSUC1CzdilRq1wy/HS2i93qVcEU7GXZj1go30twliYMvUaQRMVdw
mA81pGxnARP9cqfnKIesoyJIAHbzfNK9qebmmPg0gRD+BAG+lACQuQJOWjzhB1PT
ZBEFBc4If8E+5cA4wMT8JWX3n+IFykpvaEHXR53qIOKW6FqwLEoFsG7hZ++EU24K
fQjUQK8LwzlG8Zob3IRia5GY5i/z5chBGgvE1Frvif97NMssTCLaRmqDfQY0whOg
VK8AdRljuhKgftXad6N5ugFg+EPfKr/Aax9bpuH1xdBUhp7e7zbvvq2EDnDoSS7i
WQOPM8qZ3vRTfIfXlN+e49Az868xm/sIKQfywoFaJtKeoF/ROECw9sfLSivBfqU1
eNmGHwZLkVVO1bgXsC5CsEKCM6xsSfOFP+f69N7slgHViQ+J10RD48Ka3dbagkOd
uYyhMfabPylTeMPoM86MAqVl64uXSqhzDgbszXDMib1xvnsYZOeNb8HyuQv90bmd
HsyaXQnBI9VL4Gk7Gwbg004Y49DhSP8JColbTcBou7pcUCkEFGlPlaHqSWUAetyx
2oJapSmfvOA=
=7dYz
-----END PGP SIGNATURE-----