Microsoft is warning its Windows and Microsoft Azure (opens in new tab) customers that they need to remain vigilant when dealing with potential attacks exploiting the Log4Shell vulnerabilities (opens in new tab) in the popular Java logging framework Log4j.
At the beginning of December, the Apache Software Foundation disclosed a zero-day vulnerability, tracked as CVE-2021-44228 (opens in new tab), and four related flaws now known as Log4Shell. As numerous applications and online services use Log4j (opens in new tab) to log code written in Java, it could take years before the matter is finally resolved.
In an update to a blog post (opens in new tab) first published on December 11, Microsoft provided further insight on how the Log4Shell vulnerabilities are being exploited in the wild so far, saying:
“Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks. Organizations may not realize their environments may already be compromised. Microsoft recommends customers to do additional review of devices where vulnerable installations are discovered.”
Log4j dashboard and scanners
To protect themselves from any potential Log4j attacks, Microsoft recommends that its customers employ now readily available scripts and scanning tools (opens in new tab) to assess their risk and impact.
In addition to cybercriminals, nation-state hackers that have more advanced capabilities have been observed taking advantage of the Log4Shell vulnerabilities which means we could see large-scale cyberattacks exploiting them in the future. In fact, Sonatype CTO Brian Fox said that “The combination of scope and potential impact here is unlike any previous component vulnerability I can readily recall” in a recent email to TechRadar Pro.
At the end of December, Microsoft took it upon itself to roll out a Log4j dashboard (opens in new tab) in the Microsoft 365 Defender Portal for Windows 10 and 11, Windows Server and Linux (opens in new tab) systems to help security teams find patches for software and devices affected by Log4Shell. At the same time, both CISA and Crowdstrike released separate Log4j scanners ahead of the holidays.
Dealing with the the Log4Shell vulnerabilities has been quite difficult for security teams which is why the UK's NCSC recently published a blog post (opens in new tab) warning organizations about the potential for burnout (opens in new tab) while trying to patch affected software and devices.
As Log4Shell has the potential to lead to cyberattacks and data breaches on par or greater than the 2017 hack of Equifax (opens in new tab), organizations should heed Microsoft's advice when it comes to remaining vigilant.
Via ZDNet (opens in new tab)