Log4j Vulnerability Explained
CVE-2021-44228, also named Log4Shell or LogJam, is a Remote Code Execution (RCE) class vulnerability. If attackers manage to exploit it on one of the servers, they gain the ability to execute arbitrary code and potentially take full control of the system.
Log4j Vulnerability Key Take Away
How Bad is The Vulnerability?
As of December 2021 this is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10 in CVSS. This is a severe risk to company data leak and data lost.
As an example: Canada Revenue Agency shut down online services over this global security vulnerability on December 11, 2021. This was done to ensure that the latest patches are up to date and does not leave any information leak on the internet.
What Is The Log4j Vulnerability?
It is a flaw in the Java library (Log4J) for logging error messages from applications. The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework.
What Systems Can The Log4j Exploit?
Log4j Vulnerability affects everything from the cloud to servers and security devices. Anything running Apache Log4J, versions 2.0 to 2.14.1 is vulnerable.
Systems That Can Be Affected Include
What You Need to Know and How to Protect Yourself
Upgrade any servers using Apache versions 2.0 to 2.14.1 to version 2.15.0 or later immediately.
Update and patch any and all affected network hardware and servers.
How Do I Ensure My Network Is Safe If I Don’t Know How to Update This Myself?
Contact us TODAY! for a free consultation and we will take it from here. We will manage analysis and patching and security of your network, computers and servers! IT Real Simple can help ensure the safety of your data for your business and clients.
Microsoft has also provided a full guide on how to protect against the Log4j 2 exploit Check here for the latest information
Canada Revenue Agency shuts down online services over global ‘security vulnerability’ – National | Globalnews.ca