The record of weak packages does not cease on the boundary of “packages coded in Java,” both. Thanks partially to Java’s inherently-platform-agnostic nature, Log4j has been included in all the things from client-facing purposes like Minecraft to working system-level packages from Microsoft. Unsurprisingly, Intel and NVIDIA even have their very own weak packages to be careful for.
Beginning with MS, the corporate is fast to guarantee companions that it “has not recognized any exploitation of [its] enterprise providers” by means of the Log4shell exploit. Nevertheless, there is a truthful bundle of Microsoft providers which have safety updates to mitigate the vulnerability. Included within the record is Minecraft, after all, however past which might be quite a lot of Azure providers in addition to the corporate’s SQL server software program. You may take a look at the record on Microsoft’s advisory web page.
Over at NVIDIA, there appears to be a bit much less trigger for concern. In its advisory, Workforce Inexperienced instantly notes that its client-facing software program—together with the GeForce Expertise app, its GeForce NOW shopper, the Jetson merchandise, and the SHIELD TV—are all unaffected by the exploit. It does have some weak packages elsewhere, although.
The CUDA Toolkit consists of Log4j in each the Visible Profiler and Nsight Eclipse Version, though apparently it isn’t used in any respect within the Visible Profiler and might merely be eliminated. Equally, DGX OS does not embrace Log4j by default, however NVIDIA advises to verify for it anyway, as it could have been included with third-party software program. NVIDIA’s NetQ and its VGPU software program license server will each be affected and would require upgrading.
However what about group crimson? The home of Ryzen and Radeon put out a quick advisory in regards to the Log4shell exploit, however amazingly, it merely says AMD hasn’t recognized any affected merchandise. Hopefully that is as a result of the corporate wasn’t utilizing Log4j, and never as a result of it merely hasn’t discovered any vulnerabilities.