Cybersecurity professionals believe this issue will only worsen
There is currently no end in sight for Log4j exploitation. Cybersecurity professionals have worked feverishly to patch this vulnerability and have released new services to protect users from such exploitation.
The attack presented by Log4j is multilayered, with the capability for widespread exploitation. Cybersecurity professionals have labeled this a cybersecurity catastrophe for several reasons. One of the major reasons is that it leaves the door open for unauthenticated remote code execution (RCE), as well as a complete server takeover.
Everything happened relatively quickly, ranging from dozens of mutations within the first day of its discovery to a holistic Log4Shell attack chain created by the ransomware gang Conti.
On Dec. 28, Apache released the latest patch, 2.17.1, to fix the arbitrary code execution in Log4j. The Apache foundation posted this statement to elaborate on what this patch should fix:
“Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.”
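As an added example (not from Apache or the original article), the Python below classifies log4j-core jar filenames against the version range given in the statement quoted above. The function names, result labels and sample paths are assumptions constructed for illustration.

```python
import re

# Version boundaries taken from the Apache statement quoted above.
# Key layout: (major, minor, patch, stage_rank, stage_number).
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}    # pre-releases sort before the release
FIRST_AFFECTED = (2, 0, 0, STAGE["beta"], 7)         # 2.0-beta7
LAST_AFFECTED = (2, 17, 0, STAGE[None], 0)           # 2.17.0
FIX_RELEASES = {(2, 3, 2, 3, 0), (2, 12, 4, 3, 0)}   # 2.3.2 and 2.12.4, excluded from the range

JAR = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$",
    re.IGNORECASE,
)

def version_key(path):
    """Return a sortable version key for a log4j-core jar path, or None."""
    m = JAR.search(path)
    if not m:
        return None
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0),
            STAGE[stage.lower() if stage else None], int(num or 0))

def classify(path):
    """Label a jar path using only the range stated in the quoted advisory."""
    key = version_key(path)
    if key is None:
        return "not-log4j-core"
    if key in FIX_RELEASES:
        return "fixed"
    if FIRST_AFFECTED <= key <= LAST_AFFECTED:
        return "affected"
    return "fixed" if key > LAST_AFFECTED else "outside-range"

def triage(paths):
    """Classify every path and list affected jars first (stable order otherwise)."""
    results = [(classify(p), p) for p in paths]
    return sorted(results, key=lambda r: r[0] != "affected")

# Constructed sample inventory (hypothetical paths, not from the article).
SAMPLE = [
    "/opt/app/lib/log4j-api-2.14.1.jar",
    "/srv/legacy/log4j-core-2.0-beta6.jar",
    "/srv/legacy/log4j-core-2.12.4.jar",
    "/opt/app/lib/log4j-core-2.17.1.jar",
    "/opt/app/lib/log4j-core-2.14.1.jar",
]

if __name__ == "__main__":
    for label, path in triage(SAMPLE):
        print(f"{label:15} {path}")
```

Filename matching only finds jars that keep their original name; copies of Log4j repackaged inside shaded or fat jars need a scan of archive contents instead.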
Microsoft’s new services to combat this vulnerability include “new advanced hunting schema and support for Linux…requires updating the Microsoft Defender for Linux client; new Microsoft Defender for Containers solution.”
The intelligence teams at Microsoft have been combing through every nook and cranny to track threats taking advantage of the RCE vulnerability. Within the past week, they’ve seen threat actors launch exploit attempts and believe this vulnerability issue will only worsen.
Recommended course of action:
- Download the 2.17.0 patch as soon as possible.
For more information on how we plan to protect your systems, please give us a call today.