Attackers Target Microsoft’s Cloud Services Spring4Shell RCE Flaw

Share post:

Microsoft has uncovered a “low volume of exploit attempts” deploying Spring4Shell vulnerability exploits against its cloud infrastructure.

Spring4Shell is an RCE vulnerability that has been identified as CVE-2022-22965 and affects the Spring Framework.

Attackers can exploit the vulnerability by sending specially crafted queries to servers running the Spring Core framework to create web shells in the Tomcat root directory.

Hackers can exploit the vulnerability to execute commands on the compromised server.

However, Microsoft said that it has not yet seen “any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability.”

Although the bug only affects systems with certain configurations, Microsoft explained that “any system using JDK 9.0 or later and using the Spring Framework or derivative frameworks should be considered vulnerable.”

Admins are advised to check that their servers are vulnerable to Spring4Shell attacks by issuing a non-malicious command.

For more information, read the original story in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Canadian privacy czars release principles for responsible development of AI

The principles remind AI developers they have to follow Canadian data pr

Google’s Gemini update claims superior results and offers support for Pixel 8 Pro

Google introduction of Gemini, an advanced large language model (LLM) powering Google Bard and other products has gained...

Companies from around the world lead the charge against “deepfakes”

AI-generated deepfakes, initially seen as an entertaining novelty, are starting to raise concerns about their potential misues. These...

Generative AI increasingly used for threats to Canadian democracy: Report

Generative AI systems are increasingly being used by threat actors to influence elections around the world, including in Canada, says the latest report by Canada’s electronic spy agency on threats to this country’s democratic process. “We assess that AI synthetic content generation related to national elections will almost certainly increase in the next two years,

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways