AMD remains safe from Log4Shell Java vulnerability while Intel, NVIDIA, and Microsoft gets affected

Recently, a Java vulnerability (Log4Shell) was discovered that allows an attacker to remotely execute commands on the exploited machine. The vulnerability affects the logging library in Apache, a widely used open-source server package, and is tracked by the National Institute of Standards and Technology (NIST) as CVE-2021-44228. Any system that can be accessed directly from a browser, mobile device, or application programming interface (API) call is vulnerable.

While AMD has stated that it’s software products are not vulnerable to the exploit, Intel has listed as many as nine Java-based applications that are currently vulnerable.

  • Intel Audio Development Kit
  • Intel Datacenter Manager
  • Intel one API sample browser plugin for Eclipse
  • Intel System Debugger
  • Intel Secure Device Onboard (mitigation available on GitHub)
  • Intel Genomics Kernel Library
  • Intel System Studio
  • Computer Vision Annotation Tool maintained by Intel
  • Intel Sensor Solution Firmware Development Kit

The vulnerability in Apache’s Log4J service allows a hacker to fool the target server into downloading and running arbitrary (malicious) code hosted on a server controlled by the attacker, bypassing numerous levels of software security protections. Importantly, the exploit does not necessitate physical access to the computer. It can be triggered by any server that has access to the internet. This explains why the vulnerability was rated at the highest level possible under the “CVSS 3.0” guidelines: 10. Intel is presently working on releasing updated versions of these applications that address the flaw.

AMD has stated that no of its products appear to be affected by the issue following early analysis. However, AMD stated that it is “continuing its analysis” in light of the potential implications.

The situation at Nvidia is a little more complicated: There is currently no known exploitable vulnerability when using the most recent releases for each application’s services and sub-services. However, server administrators may not always have the most recent updates installed on their machines, and the company has identified four products that are vulnerable to “Log4Shell” if they are out of date:

  • CUDA Toolkit Visual Profiler and Nsight Eclipse Edition
  • DGX Systems
  • NetQ
  • vGPU Software License Server

Furthermore, Nvidia distributes Ubuntu-Linux packages with its DGX enterprise computing systems, and users can install Apache’s Log4J capability block on their own. As a result, the systems are immune in their out-of-the-box state. However, in circumstances where the Log4J service was installed, Nvidia is advising customers to update it to the most recent version, which closes the hole.

Microsoft has released updates for two of its products that address this vulnerability: Certain Log4J elements are used in the boot process of the Azure Spring Cloud, making it vulnerable to exploits unless updated. Microsoft’s Azure DevOps application has also been patched to prevent the hack from being used.

also read:

Apple starts the trial production of its iPhone 13 in India

Source

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More like this

Meta Takes on Nvidia: Testing Its First In-House AI Training Chip

Meta Takes on Nvidia: Testing Its First In-House AI...

Tech giant Meta has taken a monumental step toward self-reliance by testing its first in-house AI training...
AMD Ryzen 9 9950X3D Benchmarked: 14% Faster Than 7950X3D in Single-Thread Performance

AMD Ryzen 9 9950X3D Benchmark: 14% Faster Than 7950X3D...

The competition in the high-performance CPU market is heating up as AMD prepares to launch its Ryzen...
AMD Zen 6 Medusa Ridge CPUs

AMD Zen 6 Medusa Ridge CPUs: 12, 24 &...

AMD Zen 6 Medusa Ridge CPUs: AMD is gearing up to revolutionize the CPU market with its...
NVIDIA RTX PRO 6000 Blackwell

NVIDIA RTX PRO 6000 Blackwell: 24,064 Cores, 96GB GDDR7,...

NVIDIA RTX PRO 6000 Blackwell: NVIDIA's RTX 50-series, based on the Blackwell architecture, introduces significant advancements in...

Microsoft’s Largest R&D Hub Outside Redmond Coming to Noida...

Uttar Pradesh Chief Minister Yogi Adityanath today laid the foundation stone for Microsoft’s new 15-acre India Development...

LATEST NEWS

EA FC25 Nick Pope Flashback SBC: Unlock the Ultimate Goalkeeper for Your Ultimate Team

In the fast-paced world of EA FC25 Ultimate Team, where every weekend league is a battle and every division rivals match is a test...

LoLdle 980 Answers Unveiled: Shaco, Kayle, and More – Master Your Daily League of Legends Puzzle

In the ever-expanding universe of League of Legends, where champions clash and legends are born, a new daily ritual has captured the hearts and...

FragPunk Ranked System Unveiled: Master the 7-Tier Competitive Ladder and Dominate the Game

In the heart-pounding world of competitive gaming, FragPunk has emerged as a force to be reckoned with, offering adrenaline-fueled matches and a robust ranking...

EA FC25 Yaya Toure FUT Birthday Hero SBC: The Ultimate Midfield Powerhouse Leaked

In the ever-evolving world of EA FC25 Ultimate Team, leaks and rumors can set the community ablaze with excitement. The latest buzz surrounds...

Featured