Emtec Insights

If you have read the news over the last few days, you have heard about the latest cyber security vulnerability putting corporate networks at risk.

An open-source Java-based logging framework known as "Apache Log4j" has a vulnerability (CVE-2021-44228) that offers threat actors a relatively easy way to access an organization's server. Once there, they can potentially take control, access other systems across an organization's network, and exploit it.

A significant number of Java-based applications use Log4j as their logging utility and are vulnerable to this CVE. Many software packages including those below may be impacted:

  • Apache Struts
  • Apache Solr
  • Apache Druid
  • Apache Flink
  • ElasticSearch
  • Flume
  • Apache Dubbo
  • Logstash
  • Kafka
  • Spring-Boot-starter-log4j2

Recommended Actions for Log4j Vulnerability

The Apache Software Foundation, which manages the Log4j software, has released a security fix for organizations to apply in Log4j.

CISA* also recommends the following actions for affected entities:

  • Review Apache’s Log4j Security Vulnerabilities page for additional information and continue to monitor for any subsequent bypass discoveries and new updates to protect against this vulnerability.
  • Apply available patches immediately. See CISA's upcoming GitHub repository for known affected products and patch information. 
    • Prioritize patching, starting with mission critical systems, internet-facing systems, and networked servers. Then prioritize patching other affected information technology and operational technology assets.
    • Until patches are applied, set log4j2.formatMsgNoLookups to true by adding -Dlog4j2.formatMsgNoLookups=True to the Java Virtual Machine command for starting your application. Note: this may impact the behavior of a system’s logging if it relies on Lookups for message formatting. Additionally, this mitigation will only work for versions 2.10 and above.
  • Conduct a security review to determine if there is a security concern or compromise. The log files for any services using affected Log4j versions will contain user-controlled strings.
  • Consider reporting compromises immediately to CISA and the FBI.

*CISA.gov
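One way to audit the interim mitigation described above, added here as an example and not taken from CISA or Apache: it checks that each log4j-core jar is version 2.10 or above and that the flag is passed as a JVM option rather than as an application argument. The inventory, paths and status labels are constructed for illustration; the script assumes the standard log4j-core-<version>.jar file name and does not decide whether a jar is already patched.

```python
import re
import shlex

JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)[^/\\]*\.jar$")
FLAG = "-Dlog4j2.formatMsgNoLookups="
MIN_FLAG_VERSION = (2, 10)  # per the guidance above: the flag only works on 2.10 and above


def jar_version(path):
    """Return (major, minor) from a log4j-core jar file name, or None if not recognised."""
    m = JAR_RE.search(path)
    # Compare as integers: as strings, "2.8" would sort after "2.10".
    return (int(m.group(1)), int(m.group(2))) if m else None


def flag_enabled(java_cmdline):
    """True if formatMsgNoLookups=true is given as a JVM option (before the main class or jar)."""
    args = iter(shlex.split(java_cmdline)[1:])  # skip the java executable
    enabled = False
    for arg in args:
        if arg in ("-cp", "-classpath", "--class-path"):
            next(args, None)  # classpath value, not the main class
        elif not arg.startswith("-"):
            break  # main class or jar file: everything after it is an application argument
        elif arg.startswith(FLAG):
            # Assumption: the value is matched case-insensitively (the guidance writes "True").
            enabled = arg[len(FLAG):].lower() == "true"
    return enabled


def assess(jar_path, java_cmdline):
    version = jar_version(jar_path)
    if version is None:
        return "unknown-version"
    if version < MIN_FLAG_VERSION:
        return "flag-ineffective"  # below 2.10 the flag does nothing; patching is the only option
    return "interim-mitigated" if flag_enabled(java_cmdline) else "flag-not-set"


SAMPLE = [  # constructed inventory: (jar path, JVM command line)
    ("/opt/app1/lib/log4j-core-2.14.1.jar", "java -Dlog4j2.formatMsgNoLookups=True -jar app1.jar"),
    ("/opt/app2/lib/log4j-core-2.14.1.jar", "java -jar app2.jar -Dlog4j2.formatMsgNoLookups=true"),
    ("/opt/app3/lib/log4j-core-2.8.2.jar", "java -Dlog4j2.formatMsgNoLookups=true -cp lib/* com.example.Main"),
    ("/opt/app4/lib/log4j-core-2.13.3.jar", "java -Xmx1g -cp lib/* com.example.Main"),
]

if __name__ == "__main__":
    for jar, cmd in SAMPLE:
        print(f"{assess(jar, cmd):18} {jar}")
```

An "interim-mitigated" result still needs patching; it only means the temporary flag is in effect until the fix is applied.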

Partner Links for Log4j Vulnerability Updates

Vulnerability Scan

For customers who utilize Digital Defense VRT, DDI provided a preliminary scanner check on December 13, 2021 in scanner release 3.0.89.2. Clients are encouraged to run a full vulnerability assessment, which includes the check Apache Log4j Remote Code Execution (147182). DDI VRT is closely monitoring and will update the check to include specific vulnerable software as information is released. Should you require assistance running an assessment for this flaw, Frontline.Cloud subscribers can contact the Emtec team.

Keep Connected

As with any vulnerability, the list of affected systems may change quickly as new discoveries are made. It is critical to monitor the resources below over the next few weeks to ensure you are aware of new information as it is released.

If you are unsure where to start, or don’t have the security expertise or bandwidth in-house, please reach out to our team. We are here to help.

 

RESOURCES & REFERENCES

Written by Emtec Blog Team

The Emtec blog team is proud to bring you the latest IT insights and best practices for the enterprise to optimize and empower IT, Finance, HR, and Sales and Marketing. The team includes thought leaders globally across sectors, technologies and specialties with their unique experience and acumen. If you would like to connect with the Emtec Blog Team: Insights@emtecinc.com
