A critical vulnerability has been first identified in the online game Minecraft, which was discovered when users were using this flaw to hack other users’ systems. The exploit has been dubbed Log4Shell, and it leaves anyone with an unpatched system vulnerable to complete system takeover. Microsoft is urging all users to apply recent Windows updates to remedy this vulnerability.
This vulnerability is surprisingly large in scope and its implications. The Front Page News, Cyber Edition stated “It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.”
Even though it might seem to only affect online gamers, it is worth mentioning that many Windows installations include Minecraft as a default program. Have your kids used your system lately? Maybe even you’re a Minecraft fan? If so, hackers could be leveraging this sneaky vulnerability right now to compromise your remote workstation, or even your on-location system connected to the company network. Who hasn’t played a few games at lunch? Well… it could be giving hackers an open door to eat your lunch.
The vulnerability isn’t just found in Minecraft, however. Anyone running the open-source Apache software on their system can find themselves vulnerable. This makes it “the single biggest, most critical vulnerability of the last decade” according to Amit Yoran, CEO of Tenable. If you want to read the explanation of how it works and why it matters click here.
Hackers have thus far been able to use this vulnerability against businesses and government organizations. Click the link below to see the available patch here. Contact Secure Network Technologies today to have access to our incident response team.