Mitigating an Exploit in the Log4j2 Logging Library – RCE Zero-day

By CyberProof Research Team

December 12, 2021

CyberProof’s team focused over the weekend on providing the information and updates necessary to protect our clients from a new, critical remote code execution (RCE) zero-day exploit for the Apache Log4j Java-based logging library, now tracked as CVE-2021-44228. The vulnerability allows hackers to conduct unauthenticated RCE and achieve a complete system takeover. Experts at CyberProof provided the following recommendations for organizations needing to mitigate the risk:

  • Upgrade every impacted Apache Log4j installation between versions 2.0 and 2.14.1, treating this as a critical emerging vulnerability.
  • Upgrade Apache Log4j 1.x versions, provided this doesn’t affect any other operations within the organization. Treat this as a high-severity vulnerability, since 1.x has been end-of-life since 2015 and is vulnerable to other past unpatched vulnerabilities.
  • If updating to the latest version is not possible, organizations can also mitigate exploit attempts by setting the system property “log4j2.formatMsgNoLookups” to “true”; or by removing the JndiLookup class from the classpath.
  • Consider restricting outbound LDAP/S and RMI traffic (using the firewall's application control rather than port numbers) and whitelist specific sources and destinations for legitimate use (if any).
  • Since this vulnerability is being widely exploited, we also recommend that you identify, detect, and be aware of massive scanning over the Internet for vulnerable components – mainly for deploying miners, but possibly bots and ransomware as well.
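
To act on the first three recommendations you need an inventory of where log4j-core actually sits, including copies bundled inside WAR files and fat jars. The following is an added example, not CyberProof's tooling: it reports each copy's version against the 2.0 to 2.14.1 range above and whether the JndiLookup class is still present. The function names, the Maven `pom.properties` path used to read the version, and the nesting limit are assumptions of this sketch; it cannot see whether the `log4j2.formatMsgNoLookups` property is set at runtime.

```python
import io
import os
import re
import zipfile

# Class named in the advisory's "remove JndiLookup from the classpath" mitigation.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: the jar was built by Maven and still carries its pom.properties.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
LOW, HIGH = (2, 0, 0), (2, 14, 1)  # affected range stated in the advisory
ARCHIVE_EXT = (".jar", ".war", ".ear")

def parse_version(text):
    """Read 'version=2.14.1' (or '2.0-beta9') from pom.properties text."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def inspect_archive(data, name, depth=0):
    """Report every log4j-core copy in an archive, including nested jars."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings = []
    with zf:
        names = set(zf.namelist())
        has_jndi = JNDI_CLASS in names
        if has_jndi or POM_PROPS in names:
            version = None
            if POM_PROPS in names:
                version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
            # Unknown version with the class present is treated as needing review.
            in_range = version is None or LOW <= version <= HIGH
            findings.append({"path": name, "version": version,
                             "jndi_lookup_present": has_jndi,
                             "needs_action": has_jndi and in_range})
        if depth < 3:  # fat jars and WARs embed other jars; bound the recursion
            for entry in sorted(names):
                if entry.lower().endswith(ARCHIVE_EXT):
                    findings += inspect_archive(zf.read(entry), f"{name}!/{entry}", depth + 1)
    return findings

def scan_tree(root):
    """Walk a directory and inspect every Java archive found under it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    findings += inspect_archive(fh.read(), path)
    return findings
```

Run `scan_tree()` on an application or deployment directory and prioritize every finding with `needs_action` set; a copy in the affected range with `jndi_lookup_present` false has already had the class removed.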
