Microsoft's PowerShell Gallery Security Vulnerabilities Are Still Present

AquaSec, a security research team, recently released a report outlining significant security vulnerabilities within Microsoft's PowerShell Gallery (PSGallery), a repository for scripts, modules, and configuration resources. The report details three key weaknesses related to deception and forgery. Surprisingly, Microsoft has been informed about these flaws for quite some time but has not yet addressed them, despite AquaSec reporting them to the Microsoft Security Response Center on two occasions. AquaSec's report indicates that these issues persist as of August 2023, with no noticeable changes made. AquaSec's disclosed vulnerability timeline highlights that Microsoft has been aware of this problem since September of the previous year. Even in March 2023, Microsoft confirmed that only "reactive fixes" were available, providing insight into their handling of the situation. Read more...