MICROSOFT bosses are warning users about a vulnerability that foreign hackers allegedly exploited.

Researchers say that the “CVE-2021-44228” flaw in the software Apache Log4j is being taken advantage of by ransomware and nation-state actors.

Microsoft bosses are warning users about a vulnerability that hackers in China and North Korea are known to exploit. Credit: Getty

Apache Log4j is a Java-based logging utility.

The vulnerability could allow attackers to launch remote code execution attacks and potentially take control of Java-based web servers.

Microsoft says the vulnerability has been used by groups in China, North Korea, and Iran.

The Iranian actor PHOSPHORUS has reportedly deployed ransomware and modified the Log4j exploit.

Microsoft bosses say that HAFNIUM, a threat group operating out of China, has used the vulnerability to target virtualization infrastructure.

Users are encouraged to switch on Microsoft 365 Defender – which helps protect their device against new and emerging threats.

They are also encouraged to download the latest security updates to their devices.

Microsoft customers using Azure Firewall Premium have enhanced protection from the vulnerability.

Americans should also block files from running or being downloaded unless they meet specific criteria.

Security bosses fear that cyberattackers could take over computer services if the flaw is left unpatched, according to CNET.

Most of the attacks Microsoft has logged involve attackers trying to thumbprint vulnerable systems.

Cybersecurity firm Check Point said in a report: “It is clearly one of the most serious vulnerabilities on the internet in recent years. The potential for damage is incalculable.”

‘SERIOUS VULNERABILITY’

Jen Easterly, director of the CISA, said: “To be clear this vulnerability poses a severe risk.”

Experts have warned that a Microsoft update may be the only fix to this new flaw.

Security researcher Abdelhamid Naceri told BleepingComputer: “The best workaround available at the time of writing this is to wait for Microsoft to release a security patch, due to the complexity of this vulnerability.”

Microsoft has said it is aware of the vulnerability and is working to protect users.

“We are aware of the disclosure and will do what is necessary to keep our customers safe and protected,” the company said in a statement to BleepingComputer.

“An attacker using the methods described must already have access and the ability to run code on a target victim’s machine.”

Microsoft continues to warn users about potential cyber threats.

The company’s Threat Intelligence Center revealed last month that it had detected attempts to target systems that run software called Zoho ManageEngine ADSelfService Plus.

Zoho, an India-based technology corporation, describes its ManageEngine service as IT management software.

Authorities are worried Zoho could act as an entry point for hackers to access other information inside important servers.

Attackers have successfully hacked into at least nine global entities in key sectors, like technology, defense, healthcare, energy, and education.

The hacker group, dubbed DEV-0322 by Microsoft, was previously identified as being behind attacks exploiting a flaw in SolarWinds software.

The Sun has approached Microsoft for comment.

Microsoft say the vulnerability has been exploited by hackers in China and Iran. Credit: Getty

This post first appeared on Thesun.co.uk
