Apache\u2019s Log4j is a powerful open-source logging library used by millions of developers worldwide. However, Apache recently discovered an extremely dangerous vulnerability that could leave your applications and servers vulnerable to attack! In this blog post, we will explain what the Log4j vulnerability is, and how you can protect your organization from being exploited. We will also provide instructions on how to upgrade your Log4j installation. So don\u2019t wait \u2013 read on to learn more!<\/p>\n
Apache\u2019s Log4j, now named Log4Shell (CVE-2021-444228), allows remote code execution (RCE) on servers\/computers that gives a hacker the ability to import malware, which could compromise machines. Apache\u2019s Log4J is a logging tool used in many Java based applications that affects a broad range of services and applications.<\/p>\n
#1 – Identify the Existence of Log4j Library in Your Environment\u00a0<\/b><\/p>\n
Review software leveraged in your environment and identify applications that are impacted by this vulnerability. A preliminary list of impacted software is available here<\/a>.<\/p>\n NOTE:<\/b> This is list is not comprehensive.<\/p>\n #2 \u2013 Confirm your Application Vendors Apply the Latest Security Patch, if Necessary<\/b><\/p>\n Apache has addressed the vulnerability in Log4j 2.15.0. Because the security patch is not automatically applied, it is best to contact software vendors leveraging the Log4j 2 package and confirm they applied the security patch as soon as possible.<\/p>\n #3 – Implement Available Workarounds<\/b><\/p>\n If upgrading to Log4j 2.15.0 is not immediately feasible, Apache recommends<\/a> implementing the following workarounds to mitigate this vulnerability:<\/p>\n #4 – Prevent Impacted Devices from Initiating Outbound Connections<\/b><\/p>\n Any vulnerable infrastructure identified with CVE-2021-44228 should have its ability disabled to communicate externally until a security patch has been applied or mitigations have been implemented.<\/p>\n For a complete overview of this vulnerability, please refer to the link below:<\/strong><\/p>\n Microsoft Security Response Center: Apache Log4j (CVE-2021-44228)<\/b><\/a><\/p>\n To find out more information about how Apache\u2019s Log4j Vulnerability may impact your organization or to get answers to any other important questions you may have, please give us a call at 508-543-6979<\/a> or send us a message here to get started.<\/p>\n<\/div>\n\t<\/div>\n<\/div>\n\n
\n\t\tGet in Touch with TSI<\/span>\n\t<\/h3>\n\t<\/div>\n<\/div>\n