Over the past weekend many major organizations began warning users of the CRITICAL vulnerability, CVE-2021-44228, known as Log4Shell. This vulnerability affects Apache Log4j versions 2.0-beta9 to 2.14.1 and can allow threat actors to use remote commands to take control of an affected system. There are many cloud services and enterprise applications that use this Java-based logging solution that may affect your organization. An initial, but now outdated, list of companies apps or services with concept code reportedly executed against them include Apple, Amazon, IBM Qradar Siem, PulseSecure, Google, Webex, LinkedIn, VMWarevCenter and many more.
Apache has released updates for Log4j HERE that should be pushed out immediately to any devices or apps using the Log4j library. In many cases this will require vendors to release security updates and each impacted application or service may have its own mitigation recommendations.
It’s recommended to use IPS, WAF, and firewall rules along with web filtering to block malicious data and prevent servers from connecting to known malicious sites.
Microsoft has guidance HERE if using Microsoft 365 Defender and other products. Sophos has also provided detailed guidance HERE.
