Microsoft: >> Powershell Security Vulnerabilities
<p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.</p>
<p>To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.</p>
<p>The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled.</p>
CVSS Score
6.7
EPSS Score
0.007
Published
2020-09-11
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
CVSS Score
7.5
EPSS Score
0.038
Published
2020-05-21
A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.
CVSS Score
9.8
EPSS Score
0.264
Published
2018-07-11
Page 3