Most Critical Vulnernability for a Decade

Log4Shell is the name of a vulnerability that has the internet scrambling. The hackable flaw is in a commonly used software tool has become a major threat to computer webservers around the world.
The exploit is known as a ‘zero-day’ vulnerability, which allows users of the spyware to infect a device and the user doesn't know they have been hacked.

“The internet’s on fire right now. People are scrambling to patch and all kinds of people scrambling to exploit it.” said Adam Meyers from Crowdstrike. Since the bug’s existence was discovered, it had been “fully weaponized”, meaning bad guys had developed and distributed tools to gain everything they could from it.

The flaw, named “Log4Shell”, may be the worst computer vulnerability found in a decade. It was discovered in a commonly used logging tool, Log4j, that is used by many cloud servers. Until it is fixed, it grants criminals, bad guys and even noob nerds, easy access to networks where they can steal data, plant malware or just cause trouble. They can program almost anything they want with the access this hack gives them.

Amit Yoran, from the cybersecurity firm Tenable, described Log4Shell as “the single biggest, most critical vulnerability of the last decade”

Experts said the extreme ease with which the flaw lets a hacker access a web server with full admin rights without any password.

The vulnerability, was discovered in Apache software used to run websites and many other services on websites, on 24 November by the Chinese tech giant Alibaba. It took two weeks for them to develop and release a fix. Many other servers have not yet this developed or installed this.

But patching systems around the world is a complicated task. Most organizations and cloud service providers such as Amazon Web Services should be able to update their security easily, some software is also often embedded in third-party programs, which can only be updated by their owners.

The first signs of the flaw appeared in Minecraft, an online game very popular with kids and adults alike, and owned by Microsoft. Users were already using it to run programs on the computers of other users by pasting a short message (of code) in a chat box.

Microsoft announced it had released a software update for Minecraft users. “Customers who apply the fix are protected,” it said.

https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition

What can you do? If you are hosting a webserver you need to make sure all your updates and security are full up to date. If you are just a normal computer user then make sure Windows is up-to-date, your Antivirus is fully functional and updated, and update any programs you use that access the web - e.g. Minecraft.