But patching systems around the world could
be a complicated task. While most organizations
and cloud providers such as Amazon should
be able to update their web servers easily, the
same Apache software is also often embedded
in third-party programs, which often can only be
updated by their owners.
Yoran, of Tenable, said organizations need
to presume they’ve been compromised and
act quickly.
The first obvious signs of the flaw’s exploitation
appeared in Minecraft, an online game hugely
popular with kids and owned by Microsoft.
Meyers and security expert Marcus Hutchins said
Minecraft users were already using it to execute
programs on the computers of other users by
pasting a short message in a chat box.
Microsoft said it had issued a software update
for Minecraft users. “Customers who apply the fix
are protected,” it said.
Researchers reported finding evidence the
vulnerability could be exploited in servers run
by companies such as Apple, Amazon, Twitter
and Cloudflare.
Cloudflare’s Sullivan said there we no indication
his company’s servers had been compromised.
Apple, Amazon and Twitter did not immediately
respond to requests for comment.