Attackers Target Microsoft’s Cloud Services Spring4Shell RCE Flaw

Microsoft has uncovered a “low volume of exploit attempts” deploying Spring4Shell vulnerability exploits against its cloud infrastructure.

Spring4Shell is an RCE vulnerability that has been identified as CVE-2022-22965 and affects the Spring Framework.

Attackers can exploit the vulnerability by sending specially crafted queries to servers running the Spring Core framework to create web shells in the Tomcat root directory.

Hackers can exploit the vulnerability to execute commands on the compromised server.

However, Microsoft said that it has not yet seen “any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability.”

Although the bug only affects systems with certain configurations, Microsoft explained that “any system using JDK 9.0 or later and using the Spring Framework or derivative frameworks should be considered vulnerable.”

Admins are advised to check that their servers are vulnerable to Spring4Shell attacks by issuing a non-malicious command.

For more information, read the original story in BleepingComputer.

Attackers Target Microsoft’s Cloud Services Spring4Shell RCE Flaw

Top Stories

Amazon shuts down internal AI leaderboard after employees found ways to game the system

Google CEO pushes back on ‘Google Zero’ fears

Tesla insiders say they wouldn’t trust Full Self-Driving

Meta cuts jobs as it doubles down on AI

CISA exposed internal passwords and cloud keys in public repository

Jury throws out Elon Musk’s lawsuit against OpenAI and Sam Altman

Related Articles

Amazon shuts down internal AI leaderboard after employees found ways to game the system

Amazon sued over Ring facial recognition feature

Ottawa orders review of CRTC decision that tripled streaming fees

Anthropic expands Claude Mythos to 150 organizations across 15 countries

TND Newsdesk

TND Newsdesk

Jim Love