Attackers Target Microsoft’s Cloud Services Spring4Shell RCE Flaw

April 7, 2022

Microsoft has uncovered a “low volume of exploit attempts” deploying Spring4Shell vulnerability exploits against its cloud infrastructure.

Spring4Shell is an RCE vulnerability that has been identified as CVE-2022-22965 and affects the Spring Framework.

Attackers can exploit the vulnerability by sending specially crafted queries to servers running the Spring Core framework to create web shells in the Tomcat root directory.

Hackers can exploit the vulnerability to execute commands on the compromised server.

However, Microsoft said that it has not yet seen “any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability.”

Although the bug only affects systems with certain configurations, Microsoft explained that “any system using JDK 9.0 or later and using the Spring Framework or derivative frameworks should be considered vulnerable.”

Admins are advised to check that their servers are vulnerable to Spring4Shell attacks by issuing a non-malicious command.

For more information, read the original story in BleepingComputer.

Top Stories

Related Articles

June 26, 2026 Ford Motor Co. turned to veteran engineers to tackle persistent vehicle quality problems after finding that artificial more...

June 26, 2026 Meta's chief technology officer says employee morale has fallen to one of the lowest levels in the more...

June 26, 2026 Memory chip maker Micron says it has signed 16 long-term strategic customer agreements that include price floors more...

June 26, 2026 IBM says it has developed the world's first functional sub-1 nanometre computer chip, marking what the company more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn