Welcome to ITS! Learn more about our strategic partnership with Afineol!

Mark Sheldon Villanueva

By: Mark Sheldon Villanueva on December 15th, 2021

Print/Save as PDF

What is the Log4j Zero-Day Flaw, and Why is it Important?

Cybersecurity

If your business is running services that use Apache Struts or the Java logging library, Apache log4j, you need to update and install a patch immediately. The critical zero-day flaw, now known as log4shell was made public recently on December 9. 

The new vulnerability has a maximum severity rating of 10 out of 10 as it can allow unauthenticated remote code execution and provide access to servers. Hundreds of attempts at exploiting the flaw have already been reported. 

At ITS, we’ve helped hundreds of businesses bolster their cybersecurity. And from our experience, knowledge is one of the keys to securing your tech from cyber attacks. To help you understand what you can do to mitigate log4shell, we’ll discuss the following: 

  • What is Log4j? 
  • What is Log4Shell? 
  • Steps to Mitigate the Impact of Log4Shell

What is Log4j?

Log4j is a widely used logging tool found in almost every Java Application. That includes services used in many forms of enterprise and open-source software such as cloud platforms, web applications, and email services. It is a Java library used for logging error messages in applications. 

What is Log4Shell? 

Log4Shell, also listed as CVE-2021-44228, is a zero-day vulnerability spotted on the Apache log4j logging library. It has caused widespread panic to IT and security professionals since it was found and made public. That’s because the vulnerability potentially allows for unauthenticated remote code execution to applications using the Java logging library. 

That means a cybercriminal can run a malicious code as your app is logging information and gain full control over the server it’s located on.  

Vulnerable systems and services include anything connected to the internet while running the Apache log4j between versions 2.0 and 2.14.1, which also constitutes the many services and applications written in Java. That means cloud services, email, web applications can easily be affected.

To make it easier to understand, imagine hitting the print command on your computer, and instead of just printing, it triggers a malicious code that steals sensitive data on your servers then sends it to cybercriminals. 

One of the most dangerous aspects of vulnerability is that it’s easy to exploit and difficult to contain. The tool is ubiquitous, which means it can be found virtually everywhere. In fact, even tech giants like Apple, Amazon, and Microsoft were exposed to the risk. That has prompted many IT professionals and software vendors to scramble for a solution. 

Steps to Mitigate the Impact of Log4Shell 

Since Log4j is widely used across different industries, it’s likely that your systems or the apps you use could be one of those that are vulnerable to attack. Here are a few steps you can take to detect and mitigate its impact: 

Determine Which Applications are Vulnerable 

Search Vulnerable ApplicationsYou should conduct a thorough scan of your entire network to find which apps and devices might be vulnerable. Find out if your log4j is between versions 2.0 and 2.14.1. You can also do a manual scan for vulnerable .class and JAR files.  

 

Check with Vendors 

Check with VendorsOnce you’ve identified which apps or services are affected, you should check with the vendor; chances are they are already scrambling to patch the flaw. If they haven’t found a solution yet, they’ll have information on how their services are affected. 

Update and Install Patches 

Update and Install Patches iconIt might be a temporary fix, but updating your log4j to later versions could help reduce the impact of the incident. Apache log4j has released version 2.15.0 that fixes the log4Shell vulnerability.  

 

Secure Your Servers 

Secure Servers iconMake sure that your server doesn’t have unfettered access to the public internet. Those that do are the most vulnerable to the log4j threat. You can then Secure any server traffic going inbound or outbound. You can do this by filtering DNS queries to add an extra layer of security and stop the string of an attack. 

Get in Touch with Experts 

Get in Touch with ExpertsContact your managed service provider (MSP) or your IT company for help. A patch might be available for the vulnerability, but just updating to the latest version is not a long-term solution. Bolstering your defenses with layers of cybersecurity is key to keeping your business safe from attacks today and in the future. 

Need Help Securing a Log4j Vulnerability? 

Log4shell is a critical vulnerability that you should act on immediately. Determine which apps and services are affected, check with vendors for solutions or patches, secure your servers and get in touch with experts. 

At ITS, we’ve helped hundreds of businesses detect vulnerabilities and secure them. Find out how we can help you. Fill out our form for a free security assessment. 

The Whys and Hows of an Engaging Cybersecurity Awareness Training Program