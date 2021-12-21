Today we echo the exploit Log4J / Log4Shell, which remotely attacks Java-based systems allowing hackers to take control of exposed servers on the web by sending and activating a malicious text string.

AMD is one of the few that has emerged unscathedas it has affected tech giants like Intel, Microsoft or Nvidia. This exploit is in the open source Apache Log4j library that logs events and errors within Java-based applications. In other words, is a vulnerability linked to software, and not the hardware as we have been used to seeing for years (Specter, Meltdown, etc).

AMD announced that, following a preliminary investigation, none of their products appear to be affected by the vulnerability. However, considering the potential impact of it, AMD said that “continue your analysis“.

In Intel’s case, its affected products are:

Intel Audio Development Kit

Intel Datacenter Manager

oneAPI sample browser plugin for Eclipse

Intel System Debugger

Intel Secure Device Onboard

Intel Genomics Kernel Library

Intel System Studio

Computer Vision Annotation Tool maintained by Intel

Intel Sensor Solution Firmware Development Kit

Nvidia lists four possible products that could have a high percentage of being affected by Log4J, especially if the drivers for the products are out of date since their release:

CUDA Toolkit Visual Profiler and Nsight Eclipse Edition

DGX Systems

NetQ

vGPU Software License Server

As for Microsoft, the company has issued updates for two of its products that target this vulnerability: Its Azure Spring Cloud employs certain elements of Log4J in the boot process, making it vulnerable to exploits unless it is updated. The application Azure DevOps Microsoft has also received mitigations aimed at nullifying the exploit.