Log4j Vulnerability Explained
CVE-2021-44228, also named Log4Shell or LogJam, is a Remote Code Execution (RCE) class vulnerability. If attackers manage to exploit it on one of the servers, they gain the ability to execute arbitrary code and potentially take full control of the system.
Log4j Vulnerability Key Take Away
- Vulnerability is present in all applications embedding Log4j, versions 2.0 to 2.14.1 for audit logging feature. Mainly Apache stack but also applications like Elastic search, Redis, etc.
- According to researches from SLF for Java Project older versions of log4j (versions 1.x) are not vulnerable.
- Vulnerability is based on forcing applications to log a specific string which forces vulnerable systems to download and run malicious script from attacker-controlled domain.
- Attack can be blocked with a config change and a patch.
- Update any Apache versions 2.0 to 2.14.1 to 2.15
How Bad is The Vulnerability?
As of December 2021 this is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10 in CVSS. This is a severe risk to company data leak and data lost.
CVE-2021-44228
As an example: Canada Revenue Agency shut down online services over this global security vulnerability on December 11, 2021. This was done to ensure that the latest patches are up to date and does not leave any information leak on the internet.
What Is The Log4j Vulnerability?
It is a flaw in the Java library (Log4J) for logging error messages from applications. The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework.
What Systems Can The Log4j Exploit?
Log4j Vulnerability affects everything from the cloud to servers and security devices. Anything running Apache Log4J, versions 2.0 to 2.14.1 is vulnerable.
Systems That Can Be Affected Include
- Windows systems running Java
- MacOS systems running Java
- Linux systems
- Hardware including firewalls, network security devices, and more
What You Need to Know and How to Protect Yourself
Upgrade any servers using Apache versions 2.0 to 2.14.1 to version 2.15.0 or later immediately.
Update and patch any and all affected network hardware and servers.
How Do I Ensure My Network Is Safe If I Don’t Know How to Update This Myself?
Contact us TODAY! for a free consultation and we will take it from here. We will manage analysis and patching and security of your network, computers and servers! IT Real Simple can help ensure the safety of your data for your business and clients.
Microsoft has also provided a full guide on how to protect against the Log4j 2 exploit Check here for the latest information
Sources:
https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/
https://www.kaspersky.com/blog/log4shell-critical-vulnerability-in-apache-log4j/43124/
Canada Revenue Agency shuts down online services over global ‘security vulnerability’ – National | Globalnews.ca
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
