Subscribe

Attackers Target Microsoft’s Cloud Services Spring4Shell RCE Flaw

April 7, 2022

Microsoft has uncovered a “low volume of exploit attempts” deploying Spring4Shell vulnerability exploits against its cloud infrastructure.

Spring4Shell is an RCE vulnerability that has been identified as CVE-2022-22965 and affects the Spring Framework.

Attackers can exploit the vulnerability by sending specially crafted queries to servers running the Spring Core framework to create web shells in the Tomcat root directory.

Hackers can exploit the vulnerability to execute commands on the compromised server.

However, Microsoft said that it has not yet seen “any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability.”

Although the bug only affects systems with certain configurations, Microsoft explained that “any system using JDK 9.0 or later and using the Spring Framework or derivative frameworks should be considered vulnerable.”

Admins are advised to check that their servers are vulnerable to Spring4Shell attacks by issuing a non-malicious command.

For more information, read the original story in BleepingComputer.

Top Stories

Windows 11 update triggers Outlook crashes for some users

OpenAI could run out of money in months, financial expert warns

Microsoft promises to shield communities from rising power bills, other burdens

Anthropic says AI now writes over 90% of the code behind Claude

Lenovo bets on a post-VMware world with new multi-hypervisor FX systems

Anthropic launches AI healthcare tools amid OpenAI competition

Related Articles

OpenAI could run out of money in months, financial expert warns

January 16, 2026 OpenAI could run out of money within the next 18 months. That prediction, issued by Sebastian Mallaby, more...

Microsoft promises to shield communities from rising power bills, other burdens

January 15, 2026 After a year of growing protests over power bills, water use and unmet job promises, Microsoft on more...

Anthropic says AI now writes over 90% of the code behind Claude

January 14, 2026 Anthropic says that more than 90 per cent of the software powering new versions of Claude is more...

Anthropic launches AI healthcare tools amid OpenAI competition

January 14, 2026 Anthropic is pushing deeper into healthcare with a new suite of AI tools aimed at doctors, insurers more...

Picture of TND Newsdesk

TND Newsdesk

Picture of TND Newsdesk

TND Newsdesk

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.