Log4j: Discover and Remediate


What is Log4j?

Log4J is an open-source logging service. All software and operating systems keep logs of errors, transactions, and other activities used to troubleshoot and identify problems.


Log4j is the most used service for logging. Java is one of the most prominent programming languages. More than likely, Java is on your servers, client pcs, and third-party partners’ systems.


The Log4j library communicates with internal directories, and this is how attackers are compromising systems. Through this vulnerability, attackers remotely activate malicious code and/or download other malicious sources, compromising virtualized infrastructure such as AWS, installing ransomware, exfiltrating data, and compromising networks.



What should you do?

For any servers and computers in your control, assess Java and the need for the service. If the service is not needed, remove it immediately. If the Java service is needed, make sure that patches are deployed immediately. If your company does not have a patch management solution, manual patching will be required.


For third-party partners and vendors, you should contact them immediately and ask if they have deployed the corresponding patches. Your vendor should identify if the service or application is subject to vulnerability. However, if you are not sure if you or your vendor is susceptible to this vulnerability, there are many verification services such as Qualys, Gytpol and other vulnerability management solutions that can help you discover and remediate this vulnerability. Ensure that routine vendor assessment is part of your company's vendor management practices.



What are the vulnerabilities published so far?


CVE has published three vulnerabilities related to Log4Shell:

Vulnerability

What was vulnerable

Log4j 2 patch fixed by

Left the door open for an attacker to initiate a denial-of-service attack by causing an infinite recursion loop on self-referential lookups.

Log4j 2.17.0 for Java 8 and up. This is the latest patch.

Could allow attackers to craft malicious input data that could cause an information leak or remote code execution.

Log4j 2.12.2 for Java 7 and 2.16.0 for Java 8 and up

CVE-2021-44228 (original)

Possible for an attacker to execute random code using the message lookup functionality.

Log4j 2.12.2 and Log4j 2.16.0



How can Pillar Technology Partners help?

Because Log4j is easily exploited, it is crucial to act swiftly to secure your company. Here at Pillar Technology Partners, we have cybersecurity expertise to develop strategies and experience with tools used to quickly find and remediate vulnerabilities before these exploits impact your organization. Contact us to see how we can help your organization.


Other Helpful Resources:

For more latest intel on Log4j and other recent threats and attacks, join Pillar’s Cyber Defense Intelligence Team’s monthly live briefing. You can learn more or register here.


Pillar Technology Partners is on the cutting edge of cybersecurity developments. We’re committed to helping security leaders simplify, understand, assess, remediate, and operate their information security program with a unique focus on data protection. Our CISOs, Security Engineering Teams and Incident Response Teams understand how to help you simplify cyber security. To learn more contact tmartin@ptechcyber.com.


40 views0 comments

Recent Posts

See All