In response to active exploitation, the Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch systems against the critical Log4Shell vulnerability and has published mitigation guidance. This comes after threat actors got a head start scanning for and exploiting Log4Shell-susceptible systems to spread malware.
Although Apache promptly published a patch for the maximum-severity remote code execution flaw (CVE-2021-44228), whose exploits were publicly released on Friday, the fix only arrived after attackers had already begun exploiting the vulnerability in the wild. Because Apache Log4j is such a common dependency in enterprise applications and websites, continued exploitation is expected to result in widespread attacks and malware distribution.
CISA has now built a dedicated page with technical details on the Apache Log4j logging library flaw as well as patching information for affected vendors and organizations. According to the agency, “CISA urges organizations to review its Apache Log4j Vulnerability Guidance webpage and upgrade to Log4j version 2.15.0, or apply the appropriate vendor recommended mitigations immediately.”
Beyond patching any product that uses the vulnerable library, CISA recommends three additional, immediate measures:
- enumerating every internet-facing asset that has Log4j installed
- ensuring the security operations center (SOC) acts on every alert raised by those internet-facing assets
- installing a web application firewall (WAF) whose rules update automatically
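The first of those measures, enumerating assets that carry Log4j, is the one defenders had to improvise tooling for. The script below is an added example (not CISA's or Apache's code) of an inventory scan: it walks a directory tree, finds log4j-core inside plain JARs and inside archives nested in WAR/EAR files, reads the version from the jar manifest (trusting it only when the manifest's Implementation-Title names Log4j, so a shaded application jar that bundles Log4j classes is flagged for manual review rather than mislabelled), and compares it against the 2.15.0 threshold the guidance cites. The sample deployment it scans is constructed in a temporary directory; the class entries are empty placeholders, and the `FIXED_VERSION` constant is the one number to adjust to whatever version your vendor guidance specifies.

```python
"""Inventory log4j-core archives under a directory tree and flag versions below 2.15.0.

Added example with constructed fixtures; not code from CISA, Apache or any vendor.
"""
import io
import re
import tempfile
import zipfile
from pathlib import Path

FIXED_VERSION = (2, 15, 0)                          # version named in CISA's guidance
ARCHIVE_SUFFIXES = {".jar", ".war", ".ear", ".zip"}
CORE_MARKER = "org/apache/logging/log4j/core/"       # package path of log4j-core classes
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)")
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def manifest_version(zf):
    """Version from META-INF/MANIFEST.MF, but only if the manifest says the jar is Log4j.

    A shaded/uber jar bundles Log4j classes yet carries the application's own
    Implementation-Version, so the title check avoids trusting the wrong number.
    """
    try:
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    if "log4j" not in fields.get("Implementation-Title", "").lower():
        return None
    m = VERSION_RE.search(fields.get("Implementation-Version", ""))
    return tuple(int(g) for g in m.groups()) if m else None


def scan_archive(zf, label):
    """Yield (label, version) for each log4j-core in zf, recursing into nested archives."""
    names = zf.namelist()
    if any(n.startswith(CORE_MARKER) for n in names):
        ver = manifest_version(zf)
        if ver is None:                       # fall back to the conventional file name
            m = NAME_RE.search(Path(label).name)
            ver = tuple(int(g) for g in m.groups()) if m else None
        yield label, ver
    for n in names:
        if Path(n).suffix.lower() in ARCHIVE_SUFFIXES:
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(n))) as inner:
                    yield from scan_archive(inner, f"{label}!{n}")
            except zipfile.BadZipFile:
                continue


def classify(ver):
    if ver is None:
        return "unknown"      # Log4j classes present but no trustworthy version: review by hand
    return "vulnerable" if ver < FIXED_VERSION else "patched"


def scan_tree(root):
    """Return {archive label: status} for every log4j-core found under root."""
    findings = {}
    for p in sorted(Path(root).rglob("*")):
        if not (p.is_file() and p.suffix.lower() in ARCHIVE_SUFFIXES):
            continue
        try:
            with zipfile.ZipFile(p) as zf:
                for label, ver in scan_archive(zf, p.relative_to(root).as_posix()):
                    findings[label] = classify(ver)
        except zipfile.BadZipFile:
            continue
    return findings


def _jar_bytes(entries, title=None, version=None):
    """Build an in-memory zip (constructed fixture; entry contents are placeholders)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if title is not None:
            zf.writestr("META-INF/MANIFEST.MF",
                        f"Manifest-Version: 1.0\nImplementation-Title: {title}\n"
                        f"Implementation-Version: {version}\n")
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_tree(root):
    """Write a constructed deployment: a vulnerable jar nested in a WAR, a patched jar,
    an unrelated jar, and a shaded app jar whose manifest version is not Log4j's."""
    root = Path(root)
    (root / "webapps").mkdir(exist_ok=True)
    (root / "lib").mkdir(exist_ok=True)
    nested = _jar_bytes({CORE_MARKER + "Logger.class": b""}, "Apache Log4j Core", "2.14.1")
    (root / "webapps" / "app.war").write_bytes(
        _jar_bytes({"WEB-INF/lib/log4j-core-2.14.1.jar": nested}))
    (root / "lib" / "log4j-core-2.15.0.jar").write_bytes(
        _jar_bytes({CORE_MARKER + "Logger.class": b""}, "Apache Log4j Core", "2.15.0"))
    (root / "lib" / "commons-text-1.9.jar").write_bytes(
        _jar_bytes({"org/apache/commons/text/StrSubstitutor.class": b""}, "Apache Commons Text", "1.9"))
    (root / "lib" / "app-all-3.2.0.jar").write_bytes(
        _jar_bytes({CORE_MARKER + "Logger.class": b""}, "Example App", "3.2.0"))


def run_demo():
    """Build the constructed tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for label, status in run_demo().items():
        print(f"{status:10s} {label}")
```

Point `scan_tree` at an application server's install directory to get the per-host inventory; an "unknown" result means Log4j classes were found without a version the scanner trusts, which is exactly the shaded-jar case that needs a human to open the archive. A version at or above `FIXED_VERSION` is reported as "patched" because that is the threshold the guidance states; the check says nothing about configuration-level mitigations a vendor may have applied instead of upgrading.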
CISA added the Apache Log4j flaw (CVE-2021-44228) to its Known Exploited Vulnerabilities Catalog on December 10, the same day Log4Shell exploits were published online. The catalog lists hundreds of security flaws known to be exploited in the wild that pose a significant risk to federal networks when leveraged by threat actors.
In a recent statement, CISA Director Jen Easterly said that CISA is actively addressing a critical vulnerability affecting products that use the log4j software library, in collaboration with its public and private sector partners. Given its widespread use, the vulnerability, which a growing number of threat actors are actively exploiting, poses an urgent challenge to network defenders.