Since this week circulates a threatening security gap (also called zero-day vulnerability) in the Java software library (log4j), which has since threatened many programs and half the Internet. The National Cyber Security Centre (NZCS) has thereby IT Threat Situation 4 / Red proclaimed: https://www.ncsc.admin.ch/ncsc/de/home/aktuell/im-fokus/log4j.html
All-clear for Winet customers and partners:
✅ Winet's products, services & services are not affected by the circulating Java security vulnerability and can still be used without hesitation
The IT threat makes half the Internet unsafe. A zero-day vulnerability that exploits a flaw in the Java software Log4j leaves numerous servers, programs and apps vulnerable. Cybersecurity experts worldwide warn.
Cause and effect
Many applications and online services written in the Java programming language are not available because of a until recently unknown Java vulnerability vulnerable.
On December 9, IT security experts and various websites drew attention to a zero-day vulnerability in the Java logging library Log4j. The vulnerability, which has since been given the number "CVE-2021-44228", could lead to attackers being able to access affected computers malware execute. This IT threat, known as Remote Code Execution (RCE), is considered one of the most potentially devastating attacks.
According to IT security authorities in various countries, attacks have already taken place. Apparently, information about the vulnerability and an included attack tool (exploit) have been published on the Internet.
Which services are affected
Several million apps, programs and services from different vendors use log4j for logging. This includes especially the following manufacturers and services:
- Apache applications (Struts, Solr and Druid)
- Online games like "Minecraft
What counteracts the threat?
Many server administrators (admins) have been trying to save their software and programs and secure their systems since the security vulnerability appeared. Only recently, the first software updates ("patches") have been made available.
Internet users should be especially careful in the near future and, above all, must count on the providers to install the patch quickly.