What does this mean for me and my school?
Spring Cloud and Spring Core are Java components, similar to Log4j which you may remember from just before Christmas. Because they're part of Java, it might not be clear if the software you use in your school contains these components - it's one of the challenges of these supply chain attacks.
What should I do?
If you have Java-based software that's exposed to the internet, be ready to update and apply patches when they become available to you. If you're not sure about a specific piece of software, contact the supplier in the first instance.
Is any school-specific software affected?
We're not currently aware of any school-specific software that's affected, but it's early days. If we are alerted to any well-known or widely used school-software that is affected, we'll update you here (and likely other places too depending how widely used it is). If you're aware of any software that's affected, you can share it on this thread, or reach out to the Cyber Security in Schools team at cyber.security@education.govt.nz
What is remote code execution?
Remote code execution is when an attacker can take control of a target device or system. In this instance it can be done by using a vulnerability in Java software.
|