Microsoft warns Minecraft Java players about a major vulnerability

Minecraft’s Java players need to update their game to secure it

A security vulnerability has been uncovered in Minecraft’s Java version, an exploit within Java’s Log4j library that impacts numerous applications, not just Minecraft Java Edition.

Microsoft has now urged all users of Minecraft Java Edition to update their games to remove this vulnerability. Players are urged to close all instances of Minecraft and update their game launcher. Modified Minecraft clients may not update themselves automatically.

Operators of Minecraft servers have additionally been asked to update their servers or take other measures to secure their servers. If this is not possible, other workarounds can be used to secure your Minecraft server.

   Hello everyone! Earlier today, we identified a vulnerability in the form of an exploit within Log4j – a common Java logging library. This exploit affects many services – including Minecraft Java Edition.  

This vulnerability poses a potential risk of your computer being compromised, and while this exploit has been addressed with all versions of the game client patched, you still need to take the following steps to secure your game and your servers.

Microsoft has detailed various mitigations in their blog post on the issue.

Microsoft has confirmed that there are no possible exploits on Minecraft’s Bedrock edition, which means that players of that version of the game does not need to be updated.

You can join the discussion on Minecraft’s Java Edition containing an exploitable Java vulnerability on the OC3D Forums.