The Log4j vulnerability, also known as CVE-2021-44228, is a critical security flaw in the Apache Log4j 2.x library, which is widely used in many Java-based applications for logging and debugging.
The vulnerability allows an attacker to execute arbitrary code remotely on a system that uses a vulnerable version of Log4j. This can lead to a variety of attacks, including taking control of the affected system, stealing sensitive data, and spreading malware.
What is the Log4j Vulnerability?
Last week, a flaw was discovered in Log4j, an open-source logging framework widely used by apps and services across the internet. If the problem is not fixed, attackers can get into systems, steal passwords and logins, extract data, and infect networks with malicious software.
Log4j is used in software and online services worldwide, and exploiting the vulnerability requires very little technical knowledge. As a result, Log4Shell may be the most serious computer vulnerability in years.
What is the impact of the Log4j Vulnerability?
Remote code execution: The Log4j vulnerability allows an attacker to execute arbitrary code remotely on a system that uses a vulnerable version of Log4j. This can allow the attacker to take control of the system, steal sensitive data, or spread malware.
Data exfiltration: An attacker can use the Log4j vulnerability to exfiltrate sensitive data from an affected system, such as credentials, financial information, or personal information.
System compromise: If an attacker gains control of a system through the Log4j vulnerability, they can use it as a foothold to further compromise the system or the entire network.
Reputation damage: If a company’s system is affected by the Log4j vulnerability, it can lead to reputational damage, loss of customer trust, and financial losses.
Compliance violations: The Log4j vulnerability can also lead to compliance violations, such as failure to comply with data protection laws, industry regulations, or contractual obligations.
How to Fix the Log4j Vulnerability on Windows/Mac?
Every organisation is trying to build a patch that counters this vulnerability. To fix the Log4j vulnerability, first check whether your server is vulnerable to remote code execution through Log4j.
Step 1) Find out whether your System or Server is Vulnerable to Log4j
The most straightforward way to see whether you are vulnerable is to use Huntress's free service at huntress.com, which gives you a string token to enter into your application's input fields. If your app is vulnerable, a new connection appears in the Huntress connection panel.
You do not need to test in your organisation's environment; you can test in your own local environment and fix the Log4j vulnerability locally. Visit the Huntress Log4J free testing environment and check the result.
Step 2) Fix the Log4j Vulnerability using the steps below
To fix the Log4j vulnerability, use one of the following options. Upgrade your Log4j version to the latest patched release, then check again on the Huntress Log4J testing environment. The latest release (the Log4j vulnerability fix) is listed on the Apache Log4j Security Vulnerabilities official website.
Set a specific environment variable to turn off this feature. This only works with the latest versions of Tableau Server (the oldest version tested successfully was 2021.1.3; it reportedly did not work on 2020.2).
Remove the Log4j code responsible for the issue found on the Huntress Log4J testing environment. This technique is more complicated (and potentially hazardous), but it works with all server versions.
The fixes above work, though none is a guaranteed fix; it is still worth checking whether the vulnerability is present on your server or system. These methods apply to Windows, Linux, Mac, or any other operating system.
Meanwhile, other companies report that attacks based on Log4j are rising. “The whole Internet is being searched at the moment — at least two botnets are hunting for unpatched vulnerabilities, and we’ll be seeing more in the coming days,” stated Kevin Reed, CISO of the Singapore-based cybersecurity firm Acronis. “Prior to Friday, we identified exploitation attempts in the single digits; but during the weekend, we witnessed a 300-fold increase worldwide. It’s difficult to identify which are targeted exploitations — they’re unlikely to be traced at the time.”