
Log4Shell - Critical Vulnerability Affecting Organizations Worldwide

June 13, 2022

On December 10th, 2021, a zero-day vulnerability was disclosed affecting the extremely popular log4j Java library. Java-based programs use this library to log the events and data they produce. The vulnerability has the potential to give an attacker full control of an affected system.

Several things make this vulnerability particularly nasty:

  1. The library is widely used in millions of Java-based applications across thousands of organizations.
  2. The exploit is trivial to reproduce and proofs of concept are public.
  3. Detection of the vulnerability is difficult as there is not a good, unique string to look for in exploit requests.
  4. Application dependencies are often difficult to track and you may not even know you are vulnerable.

Learn more about the vulnerability at the following websites:

So how do you protect your business against this vulnerability?

If your organization actively develops Java-based applications, perform the following:

  1. Check all code repositories for use of the log4j library and, if it is in use, upgrade the library immediately to 2.16 per CISA guidance.
  2. If your log4j applications are exposed to the internet, investigate the system for a potential compromise.
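One way to carry out the check in step 1 against built artifacts as well as repositories, as an added example that is not part of the original post: the script below walks a directory, opens every .jar/.war/.ear (including archives nested inside fat jars, where an untracked dependency usually hides) and flags any log4j-core copy older than the 2.16 named above. It assumes the archive still carries the Maven `pom.properties` metadata that log4j-core ships with; copies repackaged without that metadata will not be found. The function names are illustrative.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 16)  # upgrade target named in the article
# Maven metadata shipped inside log4j-core; survives a renamed jar file.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")
MAX_DEPTH = 5  # assumption: bound nesting so a hostile archive cannot recurse forever


def parse_version(text):
    """Return (major, minor) from a pom.properties body, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)", text, re.MULTILINE)
    return (int(m.group(1)), int(m.group(2))) if m else None


def scan_archive(data, label, depth=0):
    """Yield (location, version, needs_upgrade) for each log4j-core copy found."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a real archive; skip it
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                ver = parse_version(zf.read(name).decode("utf-8", "replace"))
                if ver:
                    yield label, ver, ver < FIXED
            elif name.lower().endswith(ARCHIVE_EXT) and depth < MAX_DEPTH:
                # Fat jars and WARs bundle their dependencies as nested archives.
                yield from scan_archive(zf.read(name), f"{label}!{name}", depth + 1)


def scan_tree(root):
    """Scan every Java archive under root and return the list of findings."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            findings.extend(scan_archive(path.read_bytes(), str(path)))
    return findings


if __name__ == "__main__":
    for loc, ver, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        status = "UPGRADE" if bad else "ok"
        print(f"{status:8}log4j-core {ver[0]}.{ver[1]}  {loc}")
```

Run it with the directory to scan as its only argument; every line marked UPGRADE is an archive that still contains a log4j-core older than 2.16.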

ALL organizations should review the repository below for vendor responses to this vulnerability. Check this list against the products in your environment to ensure your systems stay up to date.

Vendor Checklist - https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

Need some help?

Contact FalconOps (https://falconops.com) to make sure your organization is protected against this latest threat and to receive a free three months of our Attack Surface Monitoring service. No strings attached, no sales pitch, and no pressure to continue after - let us show you value before you decide to purchase!
