Hacker exploits Spring4Shell vulnerability in Microsoft cloud services
Recently, Microsoft issued an announcement saying that the security team detected an attack that was exploiting the recently exposed Spring4Shell remote code execution vulnerability, targeting its own cloud service products.
Spring4Shell (CVE-2022-229605) exists on Spring Framework which allows an unauthenticated attacker sends a simple HTTP POST to a vulnerable app to execute commands on the server. “Microsoft regularly monitors attacks against our cloud infrastructure and services to defend them better,” the Microsoft 365 Defender Threat Intelligence Team said.
- JDK 9 or higher
- Apache Tomcat as the Servlet container
- Packaged as WAR
- Spring Framework version 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions
- spring-webmvc or spring-webflux dependency
In addition, Microsoft says that “any system using JDK 9.0 or later and using the Spring Framework or derivative frameworks should be considered vulnerable.”
On April 5, Check Point released a report assessing that Spring4Shell exploit attempts have reached 16% of all affected devices or organizations, and according to internal monitoring data, over the weekend alone, Check Point researchers detected approximately 37,000 Spring4Shell exploits.