Server software affected: BSI warns of security vulnerabilities

Status: 12.12.2021 5:46 a.m.

The Federal Office for Information Security is sounding the alarm about a vulnerability that could threaten servers in the network across the board. The authority raised the warning level to red with a view to the security gap.

According to the Federal Office for Information Security (BSI), a weak point in a software module that is widely used on many computers leads to an “extremely critical threat situation”. The authority therefore raised its warning level for the security gap from orange to red.

Among other things, the authority said, there are attack attempts around the world, some of which have been successful. “The extent of the threat situation cannot currently be conclusively determined.”

Finding Vulnerable Versions

The weak point lies in a widely used library for Java software. Because of the security gap, attackers may be able to place their own code on a server and run it there, for example to execute malware. The vulnerability is limited to a few versions of the library, which is called Log4j.

However, nobody has a full overview of where the endangered versions of Log4j are in use. “At the moment it is not yet known in which products this library is used, which means that at this point in time it is not yet possible to estimate which products are affected by the vulnerability,” said the BSI. If manufacturers make updates available, these should be installed immediately, the Office recommends to operators.

Installation of updates necessary

Log4j is a so-called logging library. Its job is to record various events in server operation, like in a log book – for example for a later analysis of errors. The vulnerability can be triggered simply by getting a certain string of characters written to the log. This makes it rather easy to exploit, which is a major concern for experts.

The problem was noticed on Thursday on servers for the online game “Minecraft”. IT security firms and Java specialists worked to plug the vulnerability. An update is now available for the affected versions of the open source Log4j library. However, its protection only takes effect once service providers install it. That is why the firewall specialist Cloudflare has built a mechanism to block such attacks for its customers.

[Image (dpa): The problem was first noticed on servers for the online game “Minecraft”.]

Experts: Not only online systems at risk

Experts warned that it is not just online systems that are at risk. A QR scanner or a contactless door lock could also be attacked if they used Java and Log4j, emphasized Cloudflare.

The IT security industry sees a race against online criminals who, for their part, are automatically scanning for vulnerable servers. “Unfortunately not only security teams, but also hackers work overtime,” says Rainer Trost from the IT security company F-Secure. For now, attackers could merely be installing inconspicuous back doors for themselves, Trost warns. “The actual attacks will certainly take place weeks or many months later.”
