A severe flaw in a widely used software tool, which was easily exploited in the online game Minecraft, is quickly gaining traction as a significant danger to businesses worldwide.
“Right now, the internet is on fire,” said Adam Meyers, senior vice president of intelligence at Crowdstrike, a cybersecurity firm. “People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.” He told Friday morning that the flaw had been “fully weaponized” in the 12 hours since it was discovered, implying that malefactors had created and distributed tools to attack it.
The flaw could be the most severe computer flaw uncovered in years. It was discovered in a utility found in many cloud servers and enterprise software utilized in business and government. It gives criminals, spies, and programming newbies easy access to corporate networks, allowing them to steal essential data, plant malware, wipe crucial information, and much more unless it is corrected.
Joe Sullivan, chief security officer for Cloudflare, said, “I’d be hard-pressed to think of a company that’s not at risk,” a company that defends websites from hostile actors online.
Just hours after the issue was publicly discovered, New Zealand’s computer emergency response team was among the first to notify that the flaw was being “actively exploited in the wild” and released a patch.
Microsoft announced that a software update for Minecraft users had been released. It stated that “Customers who apply the fix are protected,”
According to Sullivan, there was no sign that Cloudflare’s systems had been hacked. Apple, Amazon, and Twitter did not comment on the issue.