On December 9, 2021, the Apache Log4j project’s GitHub publicly disclosed a high severity vulnerability that impacts Apache Log4j 2 versions 2.0 to 2.14.1.   The vulnerability allows for unauthenticated remote code execution on Log4j 2, an open-source Java logging library used as a dependency by numerous enterprise applications and cloud services.

Currently, there are reports of this vulnerability being exploited in the wild; primarily resulting in the deployment of crypto mining software. However, given the nature of the vulnerability, it’s possible it could be adopted by other threat actors, and we will provide further information and guidance in a subsequent Security Advisory should new information become available.

// What you should do 

If you are running Apache Log4j, you should immediately evaluate the patch linked below:

If patching is currently not an option:

  • Block JNDI from making requests to untrusted servers by setting ‘formatMsgNoLookups’ to ‘true’. The ‘formatMsgNoLookups’ property was added in version 2.10.0, per the JIRA Issue LOG4J2-2109 [1] that proposed it. Therefore the ‘formatMsgNoLookups=true’ mitigation strategy is available in version 2.10.0 and higher, but is no longer necessary with version 2.15.0, because it then becomes the default behaviour.

// What Simplify Security’s MTR is doing 

For customers with Simplify Security MTR:

  • The MTR team is actively evaluating the available proof-of-concept to ensure appropriate detection coverage is available
  • The MTR team will continue to monitor your estates leveraging the latest intelligence surrounding this vulnerability and should we identify anything of concern, our operators will escalate accordingly.

If you are a customer without MTR, please speak to your IT service provider to further understand the potential impact this may have in your business.

// References 

GitHub POC



Recent blog posts

Key Takeaways from the CrowdStrike 2024 Global Threats Report

Key Takeaways from the CrowdStrike 2024 Global Threats Report

CrowdStrike’s new 2024 Global Threat Report has been creating some buzz around the latest trends in the cyberattacks, and we are here to make the key takeaways from the main topics that were talked about in the report more accessible to you. To summarise, the...