PSA-MINERCRAFT-RCE-EXPLOIT
A new Minecraft exploit has been circulating that allows remote code execution via Minecraft chat. It is characterized by a period of lag whenever it is run. Example of the message in chat:
How it works
Affects any MC client under 1.12.2 OR using MultiMC and a Java version under Java 8_u191
How to check if you have been affected
Follow these steps to search your Minecraft logs:
- Extract the log files
- Download and open Notepad++
- Click Search > Find in Files
- A new window will appear.
- Under "Find what," type jndi:ldap
- Under "Directory," select your logs folder located in your Minecraft directory. Example: C:\Users\{Your Username Here}\AppData\Roaming\.minecraft\logs
- Click "Find All."
- If you see jndi:ldap appear, message rebane2001#3716, as he's the main guy investigating this. ONLY MESSAGE HIM IF THIS STRING APPEARS IN YOUR LOGS.
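The same search can be scripted. The following is an added example, not part of the original PSA: it scans a logs folder for the string from the steps above, reads rotated .log.gz files directly so nothing has to be extracted first, and matches case-insensitively. The function names, sample file names and sample log lines are constructed for illustration.

```python
import gzip
import sys
import tempfile
import zlib
from pathlib import Path

NEEDLE = "jndi:ldap"  # the string the steps above search for

def open_log(path):
    """Open latest.log or a rotated *.log.gz as text, without extracting it."""
    if path.suffix == ".gz":
        return gzip.open(path, "rt", encoding="utf-8", errors="replace")
    return open(path, "r", encoding="utf-8", errors="replace")

def scan_logs(log_dir):
    """Return (hits, unreadable): hits are (file, line number, text) tuples."""
    hits, unreadable = [], []
    for path in sorted(Path(log_dir).iterdir()):
        if not path.is_file() or not path.name.endswith((".log", ".log.gz")):
            continue
        try:
            with open_log(path) as fh:
                for lineno, line in enumerate(fh, 1):
                    if NEEDLE in line.lower():  # also catches jndi:LDAP
                        hits.append((path.name, lineno, line.rstrip("\r\n")))
        except (OSError, EOFError, zlib.error):
            # A corrupt archive is reported instead of silently skipped.
            unreadable.append(path.name)
    return hits, unreadable

def make_sample_logs(log_dir):
    """Write constructed sample logs (placeholder text, not real chat messages)."""
    d = Path(log_dir)
    d.joinpath("latest.log").write_text(
        "[12:00:01] [main/INFO]: [CHAT] <constructed_player> hello\n"
        "[12:00:02] [main/INFO]: [CHAT] <constructed_player> jndi:ldap placeholder\n",
        encoding="utf-8")
    with gzip.open(d / "2021-12-19-1.log.gz", "wt", encoding="utf-8") as fh:
        fh.write("[11:00:00] [main/INFO]: [CHAT] <constructed_player> jndi:LDAP placeholder\n")
    d.joinpath("broken.log.gz").write_bytes(b"not a gzip file")

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) < 2:
        make_sample_logs(target)  # no folder given: demo on constructed logs
    found, bad = scan_logs(target)
    for name, lineno, text in found:
        print(f"{name}:{lineno}: {text}")
    print(f"{len(found)} matching line(s); unreadable: {bad or 'none'}")
```

Run it with the path to your logs folder as the only argument; with no argument it runs against the constructed sample logs.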
If you have been affected
While the chat code exploit only affected your IP address, I would recommend resetting your PC anyway if you used the Minecraft launcher on 12/19/21 and before @23:00 EST, or MultiMC and a Java version under Java 8_u191.
NOTE: The JVM args -Dlog4j2.formatMsgNoLookups=true do NOT currently fix the exploit.
FIX
Restart your Minecraft launcher to get the new config files
Install the latest Java from Adoptium if you are using MultiMC, and change your Java version by pressing edit instance -> settings -> java installation -> auto detect -> choose the latest version of Java 8 -> press ok
The biggest fix is just don't play Minecraft for today, or a few days, until there is a public and certain fix :)