The Spring4Shell Java flaw is dangerous and mostly affects technology companies, says security researcher Check Point. Furthermore, the company says threat actors are still actively hunting for an exploit for the vulnerability.
Check Point says the bug could create software supply chain issues and providers should be paying close attention to the flaw. In fact, Microsoft has issued its own warning urging its customers to patch their systems to avoid the critical vulnerability that affects Java apps
The list of bugs includes CVE-2022-22947, which was a problem in VMware Tanzu, alongside CVE-2022-22963 and CVE-2022-22965, affecting Java applications.
Exploits
According to Check Point, threat groups are seeking exploits against the flaws. The firm points out 16% of global organizations have faced attempted exploitation attacks against them. Most target companies are in Europe and since the Spring4Shell vulnerability was found, 37,000 attempts have been recorded.
“The most impacted industry is software vendor where 28% of the organization were impacted by the vulnerability,” Check Point says. Next is education/research organizations, followed by education/research.
“Organizations using Java Spring should immediately review their software and update to the latest versions by following the official Spring project guidance,” Check Point says.
Java is still one of the most common languages for building applications in the enterprise space. As such, millions of apps and thousands of organizations are potentially at risk. Microsoft is telling customers Windows 11 can monitor register keys via mobile device management to protect against these kinds of flaws.
Tip of the day: Windows Update downloads can often be frustrating because they are several gigabytes in size and can slow down your internet connection. That means your device may work with reduced performance while the update is downloading. In our guide we show you how to limit bandwidth for Windows Update downloads, so they won't bother you again.
