On Tuesday, March 29, 2022, the world learned of a critical vulnerability in the Spring Java framework. This vulnerability was\u202finitially confused\u202fwith a vulnerability in Spring Cloud,\u202fCVE-2022-22963. However, it was later identified as a separate vulnerability inside Spring Core, now tracked as\u202fCVE-2022-22965\u202fand canonically named Spring4Shell.\u202fand canonically named Spring4Shell. <\/p>\n\n\n\n
Malwarebytes is aware of the vulnerability and has determined that it does not currently impact Malwarebytes products or services.<\/strong> <\/p>\n\n\n\n This\u202fvulnerability\u202faffects Spring Core and allows an attacker to send a specially crafted HTTP request to bypass protections in the library\u2019s HTTP request parser, leading to remote code execution. Several proofs of concept (PoCs) have been published, and we are aware of active exploitation in the wild. <\/p>\n\n\n\n The first step in defending against these attacks is to identify vulnerable software. As soon as we learned about the vulnerability, we immediately investigated to determine any exposure of our products, customers or company systems. Our research indicates that\u202fMalwarebytes products are not impacted by this vulnerability<\/strong>. Any backend or internal corporate systems that are found to be vulnerable are being patched\/upgraded and continuously monitored after patching is complete. We are also in contact with our vendors as a part of our rigorous third-party risk management process to further assess any potential vulnerabilities or impact. <\/p>\n\n\n\n These are the prerequisites for the exploit: <\/p>\n\n\n\n Affected VMware Products and Versions<\/strong> <\/p>\n\n\n\n Severity is critical unless otherwise noted.<\/em> <\/p>\n\n\n\n Users of affected versions should apply the following mitigation: 5.3.x users should upgrade to 5.3.18+, 5.2.x users should upgrade to 5.2.20+. <\/p>\n\n\n\n We may provide additional updates as we have new information or recommendations. <\/p>\n","protected":false},"excerpt":{"rendered":" Malwarebytes products and services are not impacted by Spring4Shell.<\/p>\n","protected":false},"author":119,"featured_media":2815,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[12],"tags":[14],"blog_type":[],"class_list":["post-2853","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-press-releases","tag-malwarebytes"],"yoast_head":"\n