spot_img

Attackers Target Microsoft’s Cloud Services Spring4Shell RCE Flaw

Share post:

Microsoft has uncovered a “low volume of exploit attempts” deploying Spring4Shell vulnerability exploits against its cloud infrastructure.

Spring4Shell is an RCE vulnerability that has been identified as CVE-2022-22965 and affects the Spring Framework.

Attackers can exploit the vulnerability by sending specially crafted queries to servers running the Spring Core framework to create web shells in the Tomcat root directory.

Hackers can exploit the vulnerability to execute commands on the compromised server.

However, Microsoft said that it has not yet seen “any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability.”

Although the bug only affects systems with certain configurations, Microsoft explained that “any system using JDK 9.0 or later and using the Spring Framework or derivative frameworks should be considered vulnerable.”

Admins are advised to check that their servers are vulnerable to Spring4Shell attacks by issuing a non-malicious command.

For more information, read the original story in BleepingComputer.

spot_img

SUBSCRIBE NOW

Related articles

AI chatbots used for X-rated activity draws scrutiny

Following scrutiny from authorities and other people involved, Replika, an app that uses AI technology similar to OpenAI's...

Reddit relocates headquarters

Reddit's headquarters is being relocated from its current 78,000-square-foot office at 1455 Market Street at San Francisco's Mid-Market...

Meta launches Meta Verified in U.S.

Meta has launched its subscription service in the United States, allowing Facebook and Instagram users to pay for...

Stanford researchers makes budget friendly ChatGPT AI

Stanford researchers fine-tuned a seven-billion-parameter variant of Meta's recently announced LLaMA model using 52,000 instruction-following demonstrations generated by...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways