Microsoft warns of security vulnerability in Minecraft Java

Publish date: 2022-12-07

Microsoft has urged all Minecraft Java owners to update their game now to avoid a nasty security vulnerability.

The issue allows for remote code execution on Minecraft servers by pasting messages into a chat box, and was flagged online by tech security analysts last Friday. Eurogamer contacted Microsoft at the time.

On Sunday, Microsoft responded with a blog post on the Minecraft blog, and told all Java users to update their games immediately.

For most, this will be as simple as restarting their games to get the new update - but those on modified clients and third-party launchers may need to do more. There's more details on the Minecraft blog.

This log4j (CVE-2021-44228) vulnerability is extremely bad. Millions of applications use Log4j for logging, and all the attacker needs to do is get the app to log a special string. So far iCloud, Steam, and Minecraft have all been confirmed vulnerable.

— Marcus Hutchins (@MalwareTechBlog) December 10, 2021 To see this content please enable targeting cookies. Manage cookie settings

Player safety is the top priority for us. Unfortunately, earlier today we identified a security vulnerability in Minecraft: Java Edition.

The issue is patched, but please follow these steps to secure your game client and/or servers. Please RT to amplify.https://t.co/4Ji8nsvpHf

— Minecraft (@Minecraft) December 10, 2021 To see this content please enable targeting cookies. Manage cookie settings

"Player safety is the top priority for us," Microsoft wrote in a tweet from the official Minecraft account. "Unfortunately, earlier today we identified a security vulnerability in Minecraft: Java Edition.

"The issue is patched, but please follow these steps to secure your game client and/or servers. Please RT to amplify."

There's no known issue associated with the Bedrock version of the Minecraft available for Windows 10 and 11, as well as consoles.

Will you support Eurogamer?

We want to make Eurogamer better, and that means better for our readers - not for algorithms. You can help! Become a supporter of Eurogamer and you can view the site completely ad-free, as well as gaining exclusive access to articles, podcasts and conversations that will bring you closer to the team, the stories, and the games we all love. Subscriptions start at £3.99 / $4.99 per month.

Support us View supporter archive

ncG1vNJzZmivp6x7psHRqJ6apZWne6%2Bx02ikopuipMCwstNmrpqqnqh6sLKMrJycraKewbp51a6jp52ilq%2BquMitsGahnmK6qrrEnKmanqRit6LCwA%3D%3D