Mitigating an Exploit in the Log4j2 Logging Library – RCE Zero-day

banner-Rectangle 6-1

CyberProof’s team was focused over the weekend on providing information and updates necessary to protect our clients from a new, critical remote code execution (RCE) zero-day exploit for Apache Log4j Java-based logging library, now tracked as CVE-2021-44228. The vulnerability allows hackers to conduct unauthenticated RCE and achieve a complete system takeover. Experts at CyberProof provided the following recommendations for organizations needing to mitigate the risk:

  • Upgrade every impacted Apache Log4j between versions 2.0 and 2.14.1 as a critical emerging vulnerability.
  • Upgrade Apache Log4j versions 1.x provided it doesn’t affect any other operations within the organization - as a high severity vulnerability, since it’s been end-of-life since 2015, and is vulnerable to other past unpatched vulnerabilities.
  • If updating to the latest version is not possible, organizations can also mitigate exploit attempts by setting the system property “log4j2.formatMsgNoLookups” to “true”; or by removing the JndiLookup class from the classpath.
  • Consider restricting outbound LDAP/S and RMI traffic (by application control of the firewall, not port numbers) and whitelist specific sources and destinations for legitimate use (if any).
  • Since this vulnerability is being widely exploited, we also recommend that you identify, detect, and be aware of massive scanning over the Internet for vulnerable components – mainly for deploying miners, but possibly bots and ransomware as well.

Want to learn more about handling this and other vulnerabilities? Be in touch today!

Our newsletter is only one click away!