Security pros say it’s one of the worst computer vulnerabilities they’ve ever seen. Firms including Microsoft say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it. The Department of Homeland Security has sounded a dire alarm, ordering federal agencies to urgently find and patch bug instances because it’s so easily exploitable — and telling those with public-facing networks to put up firewalls if they can’t be sure. A small piece of code, the affected software often undocumented. Lodged in an extensively used utility called Log4j, the flaw lets internet-based attackers easily seize control of everything...