Recently security researchers revealed the presence of a new vulnerability for PC and laptop users. Reportedly, this vulnerability is classified as a fairly severe vulnerability.
This new vulnerability was discovered at the Java level (Log4Shell). The hackers are said to be able to execute commands remotely on the exploited machine. It was the National Institute of Standards and Technology (NIST) that discovered this vulnerability.
Researchers say that this Java vulnerability affects the flying library in Apache. This vulnerability compromises any system accessible directly from a browser, mobile device, or application programming interface (or API) call.
This vulnerability is said to attack users of Intel-based PCs and laptops. And here are some parts that hackers can use to carry out attacks:
- Intel Audio Development Kit
- Intel Datacenter Manager
- Intel oneAPI sample browser plugin for Eclipse
- Intel System Debugger
- Intel Secure Device Onboard (mitigation available on GitHub)
- Intel Genomics Kernel Library
- Intel System Studio
- Computer Vision Annotation Tool maintained by Intel
- Intel Sensor Solution Firmware Development Kit
Quoted from Tom's Hardware (21/12), AMD has announced that its software products are safe from this exploit. However, they will still carry out further investigations to ensure that their platform is safe from these vulnerabilities.
On the other hand, NVIDIA is also affected by this vulnerability. However, those who use the latest software versions for services and subservices of each application, users are temporarily safe from these vulnerabilities.
However, NVIDIA also posted four products that are suspected of having a “Log4Shell” vulnerability if outdated. And here are the four products they suspect were attacked:
- CUDA Toolkit Visual Profiler and Nsight Eclipse Edition
- DGX Systems
- vGPU Software License Server
Meanwhile, Microsoft has issued an update for two of its products that are suspected of being affected by this vulnerability, one of which is Azure Spring Cloud because it uses certain Log4J elements in the boot process. They have also mitigated the Azure DevOps application to avoid this exploit.