Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
SystemPatches of dangerous vulnerabilities being exploited by hackers contain dangerous holes and then continue to be exploited by hackers
Not long after the Log4j vulnerability was discovered, the patch was released. However, the irony is that this patch has holes.
In early December, the world was shocked when a critical code execution vulnerability was discovered in Log4j, a utility used by virtually every cloud computing service and enterprise network. Immediately, open source developers released an update to patch the bug and urged users to install the patch immediately.
Now researchers report that there are at least two vulnerabilities in the Log4j 2.15.0 patch update. Not only that, hackers are also exploiting one of those two vulnerabilities, targeting targets that have installed the patch. Therefore, the researchers once again urge everyone to quickly install the Log4j 2.16.0 update to patch the vulnerability being tracked under the code CVE-2021-45046.
According to the researchers, patch 2.15.0 is incomplete in some non-default configurations, creating an opportunity for hackers to perform DDoS attacks. This can cause the attacked servers to be completely paralyzed until restarting or other actions are taken.
Version 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
The remaining vulnerability in patch 2.15.0 discovered by security firm Praetorian is related to information leakage. Hackers can exploit this vulnerability to download data from affected servers. The company has reported the issue to the Apache Foundation but still strongly advises users to install patch 2.16.0 as soon as possible.
- More than 40 Windows drivers contain dangerous privilege escalation vulnerabilities
- Detects code execution vulnerabilities in WinRAR, noting more than 100 infringement cases
- Top 5 most dangerous remote execution vulnerabilities in early 2020, some even automatically infect other computers without users knowing.
- Warning of dangerous vulnerabilities on WinRAR, users should uninstall or upgrade to a new version
- Google Chrome has an urgent update, patching a serious zero-day vulnerability being exploited by hackers
- Trojan attacks on dangerous errors in Windows
- PortSmash - New vulnerability on multi-threaded CPU
- The NSA issued an urgent warning about a critical vulnerability appearing in Windows servers
- NVIDIA Jetson chipset contains a series of security holes that allow data theft, DDoS attacks
- Microsoft fixes a serious vulnerability that has existed for 17 years in Windows Server
- There is a serious security vulnerability that has existed for 18 years in AMD processors, but it is not too worrying
- Many major vulnerabilities found in Kaspersky Antivirus for Linux servers, download the patch here
- Super fast 'meat-eating' computer viruses
- Detecting vulnerabilities in the QR code reader tool of iOS 11 may trick users into accessing malicious websites
- The new Specter vulnerability appears to be a new variant that easily 'crashes' secure partitions created by Intel SGX
- Discovering more vulnerabilities makes Bluetooth devices vulnerable to malicious attacks
-
Patch Tuesday security patch causes blue screen errors and slows down Windows 10 - Microsoft released a patch for IE 11 on Windows 8.1
- Microsoft is preparing to release a series of new security holes
- Microsoft will soon fix stutter and lag when playing games on Windows 10
- Detected two extremely serious vulnerabilities in the rConfig utility
- 5 best patch management and monitoring software
Patch Tuesday security patch causes blue screen errors and slows down Windows 10 
Microsoft released a patch for IE 11 on Windows 8.1 
Microsoft is preparing to release a series of new security holes 
Microsoft will soon fix stutter and lag when playing games on Windows 10 
Detected two extremely serious vulnerabilities in the rConfig utility 
5 best patch management and monitoring software 
Windows XP
Windows Server 2012
Windows 8
Windows 7
Windows 10
Wifi tips
Virus Removal - Spyware
Speed up the computer
Server
Security solution
Mail Server
LAN - WAN
Ghost - Install Win
Fix computer error
Configure Router Switch
Computer wallpaper
Computer security
Windows 11
Mac OS X
Hardware
Game