truwarrior22
Apr 22, 2020 | Copper Contributor
Unable to fully resolve CVE-2018-8256 on Windows Server 2016 (microsoft.powershell.archive)
Installed PowerShell Core 7.0, but the vulnerability scanner keeps detecting the file version of microsoft.powershell.archive.psd1 as vulnerable. Can this file or folder (microsoft.powershell.archive) be deleted? I tried to update the module, but PowerShell returned that I can only install the newer version and run it side by side with the old version.
Any suggestions? Out of ideas besides manually taking ownership and deleting the file/folders.
References:
https://github.com/PowerShell/PowerShell/issues/8251
Below are the scanner's rule and results:
Rule:
    EXECUTE {
    import re
    from version import Version as V, VersionException as VE
    try:
        sysRoot = env.getHostVariable( 'windows_system_root_directory' )
    except KeyError:
        rule.STOP( False )
    file = r'system32\windowspowershell\v1.0\modules\microsoft.powershell.archive\microsoft.powershell.archive.psd1'
    path = r'%s\%s' % (sysRoot,file)
    rule.CIFSGetFile(path.lower().replace(':', '$:'))
    if rule.success:
        ver = re.search('ModuleVersion="([\d+.]+)"', rule.buffer)
        if ver:
            try:
                if V(ver.group(1)) < V('1.2.2'):
                    rule.STOP(True)
            except VE:
                rule.STOP(False)
    rule.STOP(False)
    }
Info:
Path: c$:\windows\system32\windowspowershell\v1.0\modules\microsoft.powershell.archive\microsoft.powershell.archive.psd1
Data: @{\x0d\x0aGUID="eb74e8da-9ae2-482a-a648-e96550fb8733"\x0d\x0aAuthor="Microsoft Corporation"\x0d\x0aCompanyName="Microsoft Corporation"\x0d\x0aCopyright="\xa9 Microsoft Corporation. All rights reserved."\x0d\x0aModuleVersion="1.0.1.0"\x0d\x0aFunctionsToExport = @('Compress-Archive', 'Expand-Archive')\x0d\x0aDotNetFrameworkVersion = 4.5\x0d\x0aCmdletsToExport = @()\x0d\x0aAliasesToExport = @()\x0d\x0aNestedModules="Microsoft.PowerShell.Archive.psm1"\x0d\x0aHelpInfoURI = 'http://go.microsoft.com/fwlink/?LinkId=393254'\x0d\x0a}\x0d\x0a
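Added example (not part of the original post and not the scanner vendor's code): a Python re-implementation of the quoted rule's version check, run offline, showing why a side-by-side module install does not change the finding, because the rule reads only the manifest under system32. The Program Files path and its version are constructed, and the looser regex (either quote style, optional spaces) is an assumption that goes beyond the rule's own pattern.

```python
import re

# Threshold and manifest path come from the scanner rule and result in the post.
FIXED_VERSION = (1, 2, 2)
SCANNED_PATH = (r"c:\windows\system32\windowspowershell\v1.0\modules"
                r"\microsoft.powershell.archive\microsoft.powershell.archive.psd1")

# Assumption: accept either quote style and optional spaces around '=',
# which is looser than the rule's ModuleVersion="..." pattern.
VERSION_RE = re.compile(r"""ModuleVersion\s*=\s*["']([0-9]+(?:\.[0-9]+)*)["']""")


def module_version(manifest_text):
    """Return ModuleVersion as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(manifest_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_flagged(manifest_text):
    """True when the manifest declares a version below 1.2.2."""
    ver = module_version(manifest_text)
    if ver is None:
        return False  # the quoted rule also stops with False when nothing parses
    # Pad with zeros so 1.2.2 and 1.2.2.0 compare equal.
    width = max(len(ver), len(FIXED_VERSION))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(ver) < pad(FIXED_VERSION)


def scan(manifests):
    """Check every {path: text} entry; also return the verdict the scanner
    itself would reach, which depends on the fixed system32 path only."""
    per_path = {p.lower(): is_flagged(t) for p, t in manifests.items()}
    return per_path, per_path.get(SCANNED_PATH, False)


# Constructed host state: in-box manifest (version taken from the post) plus a
# side-by-side copy at a constructed path with a constructed version.
SAMPLE = {
    SCANNED_PATH: '@{\r\nModuleVersion="1.0.1.0"\r\n}\r\n',
    r"c:\program files\windowspowershell\modules\microsoft.powershell.archive"
    r"\1.2.2.0\microsoft.powershell.archive.psd1": "@{\r\nModuleVersion = '1.2.2.0'\r\n}\r\n",
}

if __name__ == "__main__":
    per_path, verdict = scan(SAMPLE)
    for path, flagged in per_path.items():
        print("FLAGGED" if flagged else "ok     ", path)
    print("scanner verdict:", "vulnerable" if verdict else "not vulnerable")
```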