Log4j Zero-Day Vulnerability – What You Need To Know

Dec 22, 2021 | IT Support, Security

Cybersecurity experts have identified a security flaw in Log4j, a Java library for logging error messages in applications, which could allow hackers unfettered access to corporate computer systems. This discovery has prompted urgent warnings from both America’s Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Center. According to NCSC, an application is vulnerable “if it consumes untrusted user input and passes this to a vulnerable version of the Log4j logging library.”

What You Can Do

Identify internet-facing devices running Log4j and upgrade them to version 2.15.0, or apply the mitigations provided by vendors ASAP. Also, set up alerts for probes or attacks on devices running Log4j. Vendors with popular products known to be still vulnerable include Atlassian, Amazon, Microsoft Azure, Cisco, Commvault, ESRI, Exact, Fortinet, JetBrains, Nelson, Nutanix, OpenMRS, Oracle, Red Hat, Splunk, Soft, and VMware. The list is even longer when adding products where a patch has been released. Managing this vulnerability requires technical experience and knowledge to fully understand the exposure and how to take appropriate actions. If you’re not sure if you or your network are exposed to this vulnerability, please contact our team today. We have professional tools that can run scans for your potential exposure and threats.

What’s Next?

Security is constantly changing, and unfortunately, it’s impossible to tell when cybersecurity flaws, like this one, arise. Having a security and a managed services provider on your team can be extremely beneficial to your company and it’s assets. We’re happy to talk about how we have helped our clients in the past and can help yours, too.