top of page
Search

New zero-day exploit for Log4j Java library is an enterprise nightmare

Writer: Nathan ClarkNathan Clark

Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to ongoing remote code execution attacks.


Log4j is developed by the Apache Foundation and is widely used by both enterprise apps and cloud services.


Thus, while home users might have moved away from Java (although popular games like Minecraft still use it), anything from enterprise software to web apps and products from Apple, Amazon, Cloudflare, Twitter, and Steam is likely vulnerable to RCE exploits targeting this vulnerability.

Ongoing scans, exploitation of vulnerable systems

The bug, now tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, is an unauthenticated RCE vulnerability allowing complete system takeover on systems with Log4j 2.0-beta9 up to 2.14.1.


It was reported by Alibaba Cloud's security team to Apache on November 24. They also revealed that CVE-2021-44228 impacts default configurations of multiple Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and others.


After the first proof-of-concept exploit was published on GitHub yesterday, threat actors began scanning the Internet [1, 2] for systems vulnerable to this remotely exploitable security flaw that doesn't require authentication.


Additionally, CERT NZ (New Zealand's national Computer Emergency Response Team) has issued a security advisory warning of active exploitation in the wild (also confirmed by Coalition Director Of Engineering - Security Tiago Henriques and security expert Kevin Beaumont).


Nextron Systems' Head of Research Florian Roth has shared a set of YARA rules for detecting CVE-2021-44228 exploitation attempts.


Patch and mitigation available

Apache has released Log4j 2.15.0 to address the maximum severity CVE-2021-44228 RCE vulnerability.


The flaw can also be mitigated in previous releases (2.10 and later) by setting system property "log4j2.formatMsgNoLookups" to "true" or removing the JndiLookup class from the classpath.

Those using the library are advised to upgrade to the latest release ASAP seeing that attackers are already searching for exploitable targets.


"Similarly to other high-profile vulnerabilities such as Heartbleed and Shellshock, we believe there will be an increasing number of vulnerable products discovered in the weeks to come," the Randori Attack Team said today.


"Due to the ease of exploitation and the breadth of applicability, we suspect ransomware actors to begin leveraging this vulnerability immediately."


Security company Lunasec also underscored the severity of attacks using CVE-2021-44228 RCE exploits.


"Many, many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable," Lunasec said.


"Anybody using Apache Struts is likely vulnerable. We've seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach."


Update December 10, 11:46 EST: Cloudflare told BleepingComputer that its systems are not vulnerable to CVE-2021-44228 exploitation attempts.


"We responded quickly to evaluate all potential areas of risk and updated our software to prevent attacks, and have not been able to replicate any external claims that we might be at risk," said Leigh Ann Acosta, Cloudflare's Director of Public Relations.

 
 
 

Comentarios


We understand you may need help with more than just Managed IT Services. That’s why we’ve expanded our offerings. We’re happy to offer Managed IT Services – but we’re even happier to take the much-needed care of your business technology entirely off your plate. Ready to learn more about our competitive pricing and packages? ​Contact us today so we can schedule a free onsite Network Analysis and Risk Assessment of your network infrastructure, servers, and workstations.

LATEST BLOG

CONTACT US

UNDERSTANDING IT

Learn more about Unique Solutions and what we can offer for your business.

(888) 417-5155

Unique Solutions MSP, Inc.

South Western Idaho

372 S Eagle Rd., #305

Eagle ID, 83616

Southern California

31805 Temecula Parkway, #248

Temecula, CA 92592

IT can be a complicated thing - trust us, we know. With so much terminology and moving parts to keep track of, there are a lot of concepts that can be tricky to grasp without a little guidance. We’re here to provide this guidance with a few brief guides to key IT topics.

Login to view our member area, member forum, and Newsletters! 

bottom of page