The vulnerability mayhem has been the talk of the cyber town for slightly over a month now. Log4j, or the Log4Shell vulnerability, is best known for its dire impact on some of the biggest businesses in the tech world, such as Twitter, AWS, Minecraft, and several others.

As most people know, this attack vector is a flaw in Apache's Log4j Java logging library that can be exploited for remote code execution (RCE) for nefarious purposes. Unless fixed, the Log4j vulnerability can cause serious concerns and compromise not just the software application or the platform to which it provides access, but also other connected elements in the ecosystem.

If you think the Log4Shell flaw is over by now, think again. Microsoft released five more very nasty vulnerabilities last week. The potential damage these can cause is catastrophic. (Official Bulletin)

What is the Log4j Vulnerability?

The Log4j vulnerability, also dubbed Log4Shell, is a 0-day exploit: a flaw in the Java logging library Log4j that results in remote code execution. Basically, the vulnerability lets an attacker take control remotely through a crafted string, tricking the application into executing malicious code. Like all other remote code execution threats, it enables attackers to exploit any software stack that makes use of Log4j.

However, not all Log4j versions are vulnerable, and so far only the following versions have been found to carry flaws that allow remote exploitation.

  • CVE-2021-4104: JMSAppender in Log4j 1.2 / CVSS: 7.5 HIGH
  • CVE-2021-44228: All Log4j versions from 2.0-beta9 to 2.12.1, and to 2.14.1 (including 2.15.0-rc1) remain vulnerable. / CVSS: 10.0 CRITICAL
  • CVE-2021-44832: Apache Log4j2 versions 2.0-beta7 through 2.17.0 / CVSS: 6.6 MEDIUM
  • CVE-2021-45046: Log4j versions from 2.0-beta9 to 2.15.0 / CVSS: 9.0 CRITICAL
  • CVE-2021-45105: Log4j versions from 2.0-beta9 to 2.16.0 / CVSS: .9 MEDIUM

Who should be concerned about the new Log4j vulnerabilities?

Broadly speaking, businesses and users accessing products through the Log4j libraries are susceptible to the Log4j attacks. Organizations worldwide use the Log4j open-source components to enable access depending on their business models and offerings. For instance, platforms like Twitter, Apple's iCloud services, Amazon Web Services, and even gaming applications like Minecraft were found to be using one of the above-listed insecure versions of the Log4j libraries.

These new CVEs are especially nefarious since businesses that connect with vendors, suppliers, or customers through this component are also at risk. This could be to log in to and access a software tool, or to connect to third-party databases such as inventory or stock systems. In such cases, the Log4j component not only makes the application insecure but also poses a threat to other elements in the ecosystem, such as connected applications, databases, and files. So, any user or organization that makes use of the above-discussed Log4j versions must be concerned about their security.

Final Takeaway

As discussed, the Log4Shell vulnerability is bound to have a massive impact on individuals and businesses worldwide, especially in terms of ransomware (check out 7 Signs that a Company is the Target of Ransomware – Cybersecurity from the Trenches). It is up to the organizations deploying this component to incorporate appropriate remedial measures at the earliest and curb the menace. However, there is no one-stop solution, and the remediation depends on the manner in which Log4j was deployed. While some might tackle this issue with a version upgrade, others may require an entire system update with a more secure alternative. Also, manually removing the troublesome code, as Minecraft did, may resolve the issue for those who cannot spend time and resources on software updates.
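Because remediation depends on how Log4j was deployed, the first practical step is finding every log4j-core jar in an environment and checking its version against the CVE list above. The Python script below is an added example for this post (it is not the author's code and not part of the Log4j project): it encodes the version ranges from the CVE list, orders pre-release tags such as beta9 and rc1 before the final release of the same number, and walks a directory for log4j-core jars, looking one level into WAR, EAR and fat-jar archives and reading each jar's Implementation-Version from META-INF/MANIFEST.MF. The jars it scans are constructed in a temporary directory; the 2.17.1 it treats as clean is the release that addressed CVE-2021-44832, and the 1.2.17 upper bound for CVE-2021-4104 is an assumption (the post only says "Log4j 1.2"). Function names are the example's own.

```python
# Inventory log4j-core jars and match versions against the post's CVE list.
# Added example; the jars it scans are constructed, not taken from a real host.
import io
import os
import re
import tempfile
import zipfile

# Inclusive version ranges as given in the post's CVE list. 1.2.17 is assumed
# to be the last 1.2.x release for CVE-2021-4104 (the post only says "Log4j 1.2").
CVE_RANGES = {
    "CVE-2021-4104": ("1.2", "1.2.17"),  # JMSAppender in Log4j 1.2
    "CVE-2021-44228": ("2.0-beta9", "2.15.0-rc1"),
    "CVE-2021-45046": ("2.0-beta9", "2.15.0"),
    "CVE-2021-45105": ("2.0-beta9", "2.16.0"),
    "CVE-2021-44832": ("2.0-beta7", "2.17.0"),
}
PRE_RELEASE_ORDER = {"alpha": 0, "beta": 1, "rc": 2}
FINAL_RELEASE = (3, 0)  # sorts after any alpha/beta/rc of the same number

def parse_version(text):
    """Turn '2.15.0-rc1' into a tuple that orders pre-releases before finals."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version: {text!r}")
    pre = (PRE_RELEASE_ORDER[m.group(4)], int(m.group(5))) if m.group(4) else FINAL_RELEASE
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0), pre)

def affected_cves(version):
    """Return the CVEs from the post's list whose range contains this version."""
    v = parse_version(version)
    return [cve for cve, (lo, hi) in CVE_RANGES.items()
            if parse_version(lo) <= v <= parse_version(hi)]

def log4j_version_from_jar(jar_bytes):
    """Read Implementation-Version from the jar's META-INF/MANIFEST.MF."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        if "META-INF/MANIFEST.MF" not in zf.namelist():
            return None
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.MULTILINE)
    return m.group(1) if m else None

def inspect_archive(label, data, depth=0):
    """Report log4j-core jars in an archive, looking one level into nested jars
    so WAR/EAR and fat-jar deployments are covered as well."""
    findings = []
    if os.path.basename(label).lower().startswith("log4j-core"):
        version = log4j_version_from_jar(data)
        if version:
            findings.append((label, version, affected_cves(version)))
    if depth < 1:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for inner in zf.namelist():
                    if inner.lower().endswith(".jar"):
                        findings += inspect_archive(f"{label}!{inner}", zf.read(inner), depth + 1)
        except zipfile.BadZipFile:
            pass  # not a real archive, nothing more to look at
    return findings

def scan_directory(root):
    """Walk root for .jar/.war/.ear files and inspect each one."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".jar", ".war", ".ear")):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    findings += inspect_archive(path, fh.read())
    return findings

def build_sample_jar(version):
    """Constructed stand-in for a log4j-core jar: only a manifest inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")
    return buf.getvalue()

def demo():
    """Constructed deployment: a loose vulnerable jar plus a WAR bundling 2.17.1."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "lib"))
        with open(os.path.join(root, "lib", "log4j-core-2.14.1.jar"), "wb") as fh:
            fh.write(build_sample_jar("2.14.1"))
        war = io.BytesIO()
        with zipfile.ZipFile(war, "w") as zf:
            zf.writestr("WEB-INF/lib/log4j-core-2.17.1.jar", build_sample_jar("2.17.1"))
        with open(os.path.join(root, "app.war"), "wb") as fh:
            fh.write(war.getvalue())
        return scan_directory(root)

if __name__ == "__main__":
    for path, version, cves in demo():
        print(f"{path}: log4j-core {version} -> {', '.join(cves) or 'none of the listed CVEs'}")
```

Point scan_directory at a real application directory to get the same (path, version, CVEs) report for each jar found; a version that still matches any range is a candidate for the upgrade or removal the post describes. The nested-archive step matters because a WAR or fat jar hides the vulnerable jar from a plain filename search.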

I hope the information in this article is helpful to you. Feel free to reach out if you have comments or questions.

Cheers!

Dan Duran @ Rhyno Cybersecurity


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.