Microsoft is warning its Windows and Microsoft Azure customers that they need to remain vigilant when dealing with potential attacks exploiting the Log4Shell vulnerabilities in the popular Java logging framework Log4j.
At the beginning of December, the Apache Software Foundation disclosed a zero-day vulnerability, tracked as CVE-2021-44228, and four related flaws now known as Log4Shell. As numerous applications and online services use Log4j to log code written in Java, it could take years before the matter is finally resolved.
In an update to a blog post first published on December 11, Microsoft provided further insight on how the Log4Shell vulnerabilities are being exploited in the wild so far, saying:
“Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks. Organizations may not realize their environments may already be compromised. Microsoft recommends customers to do additional review of devices where vulnerable installations are discovered.”
Log4j dashboard and scanners
To protect themselves from any potential Log4j attacks, Microsoft recommends that its customers employ now readily available scripts and scanning tools to assess their risk and impact.
In addition to cybercriminals, nation-state hackers that have more advanced capabilities have been observed taking advantage of the Log4Shell vulnerabilities which means we could see large-scale cyberattacks exploiting them in the future. In fact, Sonatype CTO Brian Fox said that “The combination of scope and potential impact here is unlike any previous component vulnerability I can readily recall” in a recent email to TechRadar Pro.
At the end of December, Microsoft took it upon itself to roll out a Log4j dashboard in the Microsoft 365 Defender Portal for Windows 10 and 11, Windows Server and Linux systems to help security teams find patches for software and devices affected by Log4Shell. At the same time, both CISA and Crowdstrike released separate Log4j scanners ahead of the holidays.
Dealing with the the Log4Shell vulnerabilities has been quite difficult for security teams which is why the UK's NCSC recently published a blog post warning organizations about the potential for burnout while trying to patch affected software and devices.
As Log4Shell has the potential to lead to cyberattacks and data breaches on par or greater than the 2017 hack of Equifax, organizations should heed Microsoft's advice when it comes to remaining vigilant.
We've also highlighted the best endpoint protection software, best firewall and best antivirus
Via ZDNet
