Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2061 Security updates for PowerShell Core 6.2 and PowerShell 7.0 15 June 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Powershell Core 6.2 Powershell 7.0 Publisher: Microsoft Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-1108 Reference: ASB-2020.0098 ESB-2020.2045 ESB-2020.2021 ESB-2020.2010 ESB-2020.1982 Original Bulletin: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1108 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ************************************************************************************** Title: Microsoft Security Update Releases Issued: June 11, 2020 ************************************************************************************** Summary ======= The following CVE has undergone a major revision increment: * CVE-2020-1108 Revision Information: ===================== * CVE-2020-1108 - CVE-2020-1108 | .NET Core & .NET Framework Denial of Service Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1108 - Version: 5.0 - Reason for Revision: To comprehensively address CVE-2020-1108, Microsoft has released updates for PowerShell Core 6.2 and PowerShell 7.0. Customers who use any of these versions of PowerShell should install the latest version of PowerShell. See the Release Notes (https://github.com/powershell/announcements/issues/20) for the latest version numbers and instructions for updating PowerShell. - Originally posted: May 12, 2020 - Updated: June 11, 2020 - Aggregate CVE Severity Rating: Important ************************************************************************************** Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ====================================================================================== If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at <https://technet.microsoft.com/security/dn753714>. ************************************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ************************************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>. If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: <https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>. These settings will not affect any newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: <http://www.microsoft.com/info/legalinfo/default.mspx>. This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 - -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEELTQbGKdJ0A4NErYObMczVWaPe3UFAl7j6ZIACgkQbMczVWaP e3V2wQf/e+A5HzMDq7jmWf5WpCv7W2O/UY8nSCEVREExV0znfu36iruJ3gUKAX82 ZKmc1nI5ZXmOaNH1Y0l306P6ZReAAfqGOnmQyb/h6Y9gLy9YRxHuf+k14FswbKyw 0FOUabnVEyGYRNhcDt66GS1gB7PKMmBQEVXsFCu9Za2O4ARKK7GPddPbCSw0Lous nJiKhMXTIBlc0LkKMjl91isnccrkgbtfoxsWaBui5yDeo8xPfzIMKkAIgQe1JtEA 1bcP2oQXSo7xda5o73qK/3vhU/iiOvN4M41Qc652GM1+Q1GdZ8YQP9tDrpLlA9UW oX9Dx3DyyqUwtO2wni6e2JKAmPTZ1A== =rVoO - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXubSJeNLKJtyKPYoAQi7JQ//YleEqCLSDRtFGxeqJLxS7UoJjAu+NMoU y1B6KOqKVUMxS9fI1siK8m6Xjxwlp7efRVSEEWXLMTfQtgdmDbkytIDXeLWqeiv2 HD+LxnDqmjeNrSUC1CzdilRq1wy/HS2i93qVcEU7GXZj1go30twliYMvUaQRMVdw mA81pGxnARP9cqfnKIesoyJIAHbzfNK9qebmmPg0gRD+BAG+lACQuQJOWjzhB1PT ZBEFBc4If8E+5cA4wMT8JWX3n+IFykpvaEHXR53qIOKW6FqwLEoFsG7hZ++EU24K fQjUQK8LwzlG8Zob3IRia5GY5i/z5chBGgvE1Frvif97NMssTCLaRmqDfQY0whOg VK8AdRljuhKgftXad6N5ugFg+EPfKr/Aax9bpuH1xdBUhp7e7zbvvq2EDnDoSS7i WQOPM8qZ3vRTfIfXlN+e49Az868xm/sIKQfywoFaJtKeoF/ROECw9sfLSivBfqU1 eNmGHwZLkVVO1bgXsC5CsEKCM6xsSfOFP+f69N7slgHViQ+J10RD48Ka3dbagkOd uYyhMfabPylTeMPoM86MAqVl64uXSqhzDgbszXDMib1xvnsYZOeNb8HyuQv90bmd HsyaXQnBI9VL4Gk7Gwbg004Y49DhSP8JColbTcBou7pcUCkEFGlPlaHqSWUAetyx 2oJapSmfvOA= =7dYz -----END PGP SIGNATURE-----