Last week a new, particularly dangerous critical vulnerability was discovered in the Apache Log4j library. CVE-2021-44228 or Log4Shell or LogJam, is what’s known as a Remote Code Execution (RCE) class vulnerability, meaning if exploited on a vulnerable server, attackers gain the ability to execute arbitrary code and potentially take full control over a system. The CVE has been ranked a 10 out of 10 in terms of severity.
The Apache Logging Project (Apache Log4j) is an open-source logging library used for millions of Java applications. Any product that uses a vulnerable version of this library (version 2.0-beta9 to 2.14.1) is susceptible to this new CVE.
Log4j contains a Lookup mechanism for searching requests using a special syntax. By creating a custom prefix for this string, attackers can transfer information to a server under their control, leading to arbitrary code execution or a leak of confidential information.
“What makes this vulnerability particularly dangerous is not only the fact that attackers can gain complete control over the system but how easy it is to exploit. Even an inexperienced hacker can take advantage of it—and we’re already seeing that cyber criminals are actively looking for software to exploit with this CVE. However, the good news is that a strong security solution can go a long way in keeping users’ protected,” comments Evgeny Lopatin, security expert at Kaspersky.
Kasperksy products protect against attacks leveraging the vulnerability, including PoCs usage, under the following names:
To safeguard against this new vulnerability, Kaspersky experts recommend:
- Install the most recent version of the library, 2.15.0. if possible. You can download it on the project page. In the case of using the library in a third-party product, it is necessary to monitor and install timely updates from a software provider.
- Follow Apache Log4j project guidelines https://logging.apache.org/log4j/2.x/security.html
- Businesses should use a security solution that provides exploit prevention, vulnerability and patch management components, such as Kaspersky Endpoint Security for Business. Our Automatic Exploit Prevention component monitors suspicious actions of applications and blocks malicious files executions.
- Use solutions like Kaspersky Endpoint Detection and Response and Kaspersky Managed Detection and Response service which help to identify and stop the attack on early stages, before attackers reach their final goals.
21 December 2021