Saturday, June 25, 2022
728x90-EN-BENEFIT-SEASON
Bitdefender WW

AMD remains safe from Log4Shell Java vulnerability while Intel, NVIDIA, and Microsoft gets affected

- Advertisement -

Recently, a Java vulnerability (Log4Shell) was discovered that allows an attacker to remotely execute commands on the exploited machine. The vulnerability affects the logging library in Apache, a widely used open-source server package, and is tracked by the National Institute of Standards and Technology (NIST) as CVE-2021-44228. Any system that can be accessed directly from a browser, mobile device, or application programming interface (API) call is vulnerable.

While AMD has stated that it’s software products are not vulnerable to the exploit, Intel has listed as many as nine Java-based applications that are currently vulnerable.

  • Intel Audio Development Kit
  • Intel Datacenter Manager
  • Intel one API sample browser plugin for Eclipse
  • Intel System Debugger
  • Intel Secure Device Onboard (mitigation available on GitHub)
  • Intel Genomics Kernel Library
  • Intel System Studio
  • Computer Vision Annotation Tool maintained by Intel
  • Intel Sensor Solution Firmware Development Kit

The vulnerability in Apache’s Log4J service allows a hacker to fool the target server into downloading and running arbitrary (malicious) code hosted on a server controlled by the attacker, bypassing numerous levels of software security protections. Importantly, the exploit does not necessitate physical access to the computer. It can be triggered by any server that has access to the internet. This explains why the vulnerability was rated at the highest level possible under the “CVSS 3.0” guidelines: 10. Intel is presently working on releasing updated versions of these applications that address the flaw.

728x90-EN-BENEFIT-SEASON

AMD has stated that no of its products appear to be affected by the issue following early analysis. However, AMD stated that it is “continuing its analysis” in light of the potential implications.

The situation at Nvidia is a little more complicated: There is currently no known exploitable vulnerability when using the most recent releases for each application’s services and sub-services. However, server administrators may not always have the most recent updates installed on their machines, and the company has identified four products that are vulnerable to “Log4Shell” if they are out of date:

  • CUDA Toolkit Visual Profiler and Nsight Eclipse Edition
  • DGX Systems
  • NetQ
  • vGPU Software License Server

Furthermore, Nvidia distributes Ubuntu-Linux packages with its DGX enterprise computing systems, and users can install Apache’s Log4J capability block on their own. As a result, the systems are immune in their out-of-the-box state. However, in circumstances where the Log4J service was installed, Nvidia is advising customers to update it to the most recent version, which closes the hole.

- Advertisement -

Microsoft has released updates for two of its products that address this vulnerability: Certain Log4J elements are used in the boot process of the Azure Spring Cloud, making it vulnerable to exploits unless updated. Microsoft’s Azure DevOps application has also been patched to prevent the hack from being used.

also read:

Apple starts the trial production of its iPhone 13 in India

Source

- Advertisement -
spot_img
Nivedita Bangari
Nivedita Bangari
I am a software engineer by profession and technology is my love, learning and playing with new technologies is my passion.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Bitdefender WW

More To Consider

Stay Connected

13,642FansLike
62FollowersFollow
156FollowersFollow
Myntra [CPS] IN

Hot Topics

spot_img

Latest Articles

Trending

Bigrock [CPS] IN

Featured

Adblocker detected! Please consider reading this notice.

We've detected that you are using AdBlock Plus or some other adblocking software which is preventing the page from fully loading.

We don't have any banner, Flash, animation, obnoxious sound, or popup ad. We do not implement these annoying types of ads!

We need money to operate the site, and almost all of it comes from our online advertising.

Please add technosports.co.in to your ad blocking whitelist or disable your adblocking software.

×