According to one team tracking its impact, within days of discovering a vulnerability in Log4Shell servers supporting the game Minecraft, criminals made millions of attempts to breach the Log4j 2 Java Library. This vulnerability is a potential threat to millions of additional applications and devices worldwide.
Here is some information you need to know about the Log4Shell vulnerability.
What is Log4Shell?
Log4Shell is a vulnerability in Apache Log4j 2, a popular Java library that logs error messages in applications. First published as CVE-2021-44228, it enables a remote attacker to take control of a device running some versions of Log4j 2 on the internet.
The library is published by the Apache Software Foundation. They gave the vulnerability a CVSS score of 10 out of 10, the highest-level severity score. This is because of how easily it can be exploited by a bad actor.
When did experts discover the original vulnerability?
Chen Zhaojun, a security researcher at Alibaba Cloud, was the first to report the problem to the Apache Foundation on November 24th, 2021. An attack was discovered on December 9th on the servers that host the online game Minecraft. After further analysis, the Foundation realized that malicious actors had discovered it and had been exploiting the vulnerability as early as December 1st.
What is the risk from the Log4Shell vulnerability to the library?
Log4Shell is considered a zero-day vulnerability because it was discovered and exploited before it was identified by experts. What makes it particularly dangerous is how widespread the Log4j 2 library is. The impact is compounded by how easy it is to exploit this vulnerability. It’s present in major platforms like Amazon web services and other services, large and small. The number of dependencies makes patching a complex, time-consuming process.
What does Log4j 2 do?
Log4j 2 is the most widely used logging framework online. Large and small organizations have integrated it into their applications including major cloud providers like Apple, Google, and Microsoft, along with platforms like Twitter and Stream. Log4j 2 logs messages from software and searches for errors. The data range is wide and covers everything from basic browser and web page information to technical details about the system running the program. Log4j 2 can also execute commands to generate logging information by communicating with other sources including internal directory services.
How does this vulnerability cause damage?
Because the library communicates with other sources and internal directory services, bad actors can feed Log4j 2 malicious commands to download and execute dangerous code. How hackers exploit the vulnerability depends on the affected system. Attacks have included compromising virtualization infrastructure, installing and executing ransomware, stealing system credentials to take control over compromised networks, and exfiltrating critical data.
To combat this vulnerability, install any updates provided by the product manufacturers you use. If your organization uses the Log4j 2 library in your applications or infrastructure, be sure to update it. The same is true for third-party applications. The version 2.17.0 release fully secures the library against the Log4Shell vulnerability.
About Logista Solutions
Logista Solutions is a nationally recognized leader in a broad range of technology management solutions. As one of the largest technology support providers in the U.S., Logista provides innovative and holistic solutions to help companies take control of their IT infrastructure and achieve better business outcomes. Popular services include Managed IT as a Service, VoIP and Unified Communications, Managed Print, Cloud Services and Asset Disposition.