Understanding the Log4j2 Vulnerability

Published on January 5, 2022  |  Cyberfort Advisors
log4j2

There’s been a ton of new information released recently about the CVE-2021-44228 Log4Shell vulnerability.

The “Log4Shell” vulnerability pertains to Log4j2, an open-source, Java-based logging framework that is commonly incorporated into Apache web servers. What was considered a harmless logging tool has now been exploited and used by hackers to seize control of vulnerable applications. The vulnerability is classified as a critical flaw, as an exploit was found publicly available online.

The Beginning

In late November, a critical RCE (remote code execution) vulnerability was discovered, impacting all versions from 2.0-beta9 to 2.14.1. Since that time, two fixes were released, including a partial fix that disabled message lookups for logging mechanism API functions. The second fix restricted accesses and protocols that Log4j2 permits when using Lightweight Directory Access Protocol (LDAP) and Java Naming and Directory Interface (JDNI).

Log4j2 has now been discovered to insufficiently sanitize user-supplied data, which leaves it wide open for attackers to provide a string that can be interpreted as a variable and then when it’s expanded, it will trigger the loading and invocation of a remote Java class fine.

Latest Updates

We have since learned these fixes were incomplete, which led to more countermeasures being activated to prevent Java class execution. In response to these gaps closing, hackers have now shifted their focus to try and create more complex exploitation programs to override or bypass the new restrictions.

In mid-December, Apache released Log4j2 version 2.16.0, which removes support for Message Lookups and disables JNDI.

Why Log4Shell Is Dangerous

There are several ways businesses can be impacted by the Log4j2 vulnerability. According to ThreatPost, small and medium-sized businesses providing any online services could expose their system to malware and data exfiltration if these systems are using the Log4j2 to log events. Once exploited, hackers can use the vulnerability to run any code they choose. The possible outcomes range from malware to the complete takeover of related systems.

How to Prepare Your System

Exploitation of this vulnerability will be difficult to catch or contain without the presence of a dedicated security team. Your IT expert or team needs to take stock of the software you’re using, and the software your vendors are using. Next on the agenda is to patch any and all instances of the Log4Shell vulnerability with the latest versions.

Your business is considered more at risk if it is running a ton of Java applications.

Be Proactive, Not Reactive: Safeguard Your Data Today

The last few years have been a study in the rapid and critical evolution of cybercrime. Your IT department has its hands full, so let CyberFort help.

With CyberFort’s SOC services, you can completely secure your business by using our team of domestic experts. We can help you identify weak points, assess your risk factors, handle log management and firewall management, all while keeping your systems running and ensuring little to no impact on your other operations.

Contact us today to get a network threat assessment.