December 11, 2021
Log4j High-Risk Vulnerability

Executive Summary

Apache Log4j, dubbed CVE-2021-44228, is an open-source logging utility in almost all major Java-based applications and servers. Currently running on 3 billion devices worldwide, Log4j has been exposed to a high-risk vulnerability underactive and vigorous exploitation. As of December 10th, nearly 10,000+ attacks exploiting this vulnerability have been discovered and that number continues to proliferate. The zero-day exploit named “Log4Shell” affects all industries and has impacted several popular services, including Apple iCloud, Twitter, Steam and Minecraft.

The exploitation of this vulnerability is simple and only requires the attacker to enter a piece of code into the target triggering the vulnerability, allowing the attacker to remotely control the user victim’s server.

 

“In the case of Minecraft, attackers were able to get remote code execution on Minecraft servers by simply pasting a short message into the chatbox.”

— Marcus Hutchins @MalwareTechBlog

 

Security Alert | Log4J

Mitigation | Recommendations

  • If possible, update to Log4j version 2.15.0
  • Flip setting for versions log4j 2.10.0 and up
    • Setting log4j2.formatMsgNoLookups to True
    • This is done by adding -Dlog4j2.formatMsgNoLookups=true in the JVM command line
  • Disable LDAP lookups

 

Read the Updated Alert

 

For additional information, contact:

Dan Gregory
VP | System Engineering, CBI
dgregory@cbisecure.com | 313.649.4611

 


References

  1. https://twitter.com/MalwareTechBlog/status/1469291924733390848
  2. https://raidforums.com/Thread-Apache-Log4j-explodes-with-high-risk-vulnerabilities-comparable-to-eternal-blue-ne
  3. https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/log4j-zero-day-log4shell-arrives-just-in-time-to-ruin-your-weekend/
  4. https://twitter.com/GossiTheDog/status/1469374550441869323?s=20
About the Author
CBI | Cybersecurity Solutions
CBI Cybersecurity
CBI is a leading cybersecurity advisor to many of the world’s top tier organizations. Founded in 1991, CBI provides innovate, flexible and customizable solutions that help ensure data is secure, compliant and available. We engage in an advisory-led approach to safeguard our clients against the ever-changing threat landscape—giving them comprehensive visibility into their entire security program and helping them avoid cyber challenges before they can impact their data, business and brand. We are dedicated to the relentless pursuit of mitigating risks and elevating corporate security for a multitude of industries and companies of all sizes.
I Need To...