New Zero-Day Vulnerability Apache Log4Shell
What We Know
A new critical zero-day vulnerability has been detected, is widely distributed, and is easily exploitable, allowing attackers to gain full control over affected servers. The vulnerability was identified within Apache Log4j 2, an open-source Java package used to enable logging in many popular applications. The issue can allow remote access to your computer through public servers you access running the Apache Log4j Java-based logging library.
This vulnerability (CVE-2021-44228) has received the maximum severity rating of 10 on the Common Vulnerability Scoring System scale and has been dubbed as “Log4Shell.” This critical vulnerability has already been targeted in the wild. It can be deployed against anything from enterprise software to web apps and products from Apple, Amazon, Cloudflare, Twitter, and Steam. These efforts will continue and expand so addressing the vulnerability as soon as possible is critical.For remediating this vulnerability, the Apache Software Foundation (ASF) says that “this behavior can be mitigated by setting system property ‘log4j2.formatMsgNoLookups’ to ‘true’ or by removing the JndiLookup class from the classpath.” Updating the log4j-core.jar to version 2.15.0, which was released on Saturday, fixes the problem: https://logging.apache.org/log4j/2.x/security.html
GreenPages will continue to monitor and provide further updates on remediation efforts for this critical vulnerability.
Here are additional resources for further insight:
GreenPages stands ready to help you mitigate the above vulnerability and other risks. At present we recommend:
Following the remediation recommendations provided here immediately: https://logging.apache.org/log4j/2.x/security.html
Implementing strong passwords and enabling Multi-factor Authentication (MFA)
Understanding your network environment and having strong asset and change management disciplines and governance
Developing a strong patch and vulnerability management program and keeping all systems and network devices up-to-date
Implementing modern security monitoring techniques including MDR, XDR, and SOC/SIEM services