Everyone makes mistakes, even big companies like Microsoft. Recently, some experts found problems in a tool from Microsoft called the PowerShell Gallery. However, before diving into what happened, let’s understand why this matters. Here are the details…

PowerShell Gallery Users at Risk Due to Unfixed Security Flaws

Imagine a library, but instead of books, it has computer tools and tricks. That’s the PowerShell Gallery. Many computer experts use this library to help them with their work. Unfortunately, it turns out the system many people trusted isn’t that safe. The AquaSec research team released a report showing big security issues in Microsoft’s PowerShell Gallery.

Microsoft

It’s actually quite common for these kinds of security vulnerabilities to emerge. Typically, someone notices the security flaw, reports it to the responsible company, and then after it’s addressed, the issue is announced to the public. However, this is where the situation becomes complicated.

AquaSec informed Microsoft of these issues in September 2022. Microsoft claimed to have resolved them by November. Yet, in December, AquaSec discovered that the problems persisted. They notified Microsoft once more, and the company responded saying they were on it. But by August 2023, the issues remained unresolved.

AquaSec’s explanation is as follows: “Despite reporting the flaws to the Microsoft Security Response Center on two separate occasions, with confirmation of the reported behavior and claims of ongoing fixes, as of August 2023, the issues remain reproducible, indicating that no tangible changes have been implemented.”

If big companies like Microsoft have security problems and don’t fix them quickly, it can cause a lot of trouble for everyone. It’s a reminder for everyone to be careful and double-check everything on the internet. For now, we have no choice but to wait for the gap to be closed.

RELATED:

(via)