Apache Log4j Remote Code Execution Vulnerability

Jared Hamilton - Senior Solutions Architect
by Jared Hamilton
Managing Director, Systems Engineering

Over the past few days, the security community became aware of active exploitation of a recently disclosed vulnerability in Apache Log4j. This critical vulnerability (CVE-2021-44228), also named Log4Shell or LogJam, affects Log4j, a common component of the Apache Java-based software library used for logging purposes. If the vulnerability is exploited, malicious actors gain the ability to execute arbitrary code and potentially gain full control of the underlying system.

Helient has a task force assembled and is actively monitoring the situation across many common vendors. As these vendors release mitigations, workarounds, or fixes to their software solutions, Helient will be updating our customers on recommended courses of action.

Threat actors and researchers are actively scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. Almost all versions of Log4j are vulnerable, from 2.0-beta9 to 2.14.1. Apache has rapidly released a new native version of their library (2.15.0) that has the vulnerability mitigated. However, this software cannot be installed on every Log4j-capable platform currently in production.

The full extent to which this software package is integrated into the world’s technologies and platforms is actively being discovered and documented, making remediations and mitigations a continuous activity for the time being. Many vendors have already identified their software packages that are vulnerable and have announced mitigations. For others, this remediation effort, including the release of new software builds, may take days or weeks. In the interim, IPS rules, WAF rules, firewall rules and web filtering can all help, by blocking malicious CVE-2021-44228 data from outside, and by preventing servers from connecting to unwanted or known-bad sites. Many security providers that deliver “Detection and Response” services have begun deploying agents or monitors that can quickly query and identify Log4j capabilities.
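One way to inventory bundled copies of Log4j against the affected range given above (2.0-beta9 through 2.14.1) is to look inside application archives for `log4j-core` jars, including jars nested inside other jars. The following is an added example, not code from Helient or Apache; the function names and the sample archive are hypothetical and constructed for illustration.

```python
import io
import re
import zipfile

# Affected range as stated in the article: 2.0-beta9 through 2.14.1.
CORE_JAR = re.compile(r"log4j-core-(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?\.jar$")
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # a final release sorts last
LOWEST, HIGHEST = (2, 0, 0, 1, 9), (2, 14, 1, 3, 0)  # keys for 2.0-beta9 and 2.14.1

def version_key(name):
    """Return a sortable key for a log4j-core jar file name, or None for any other name."""
    m = CORE_JAR.search(name)
    if not m:
        return None
    nums = ([int(p) for p in m.group(1).split(".")] + [0, 0])[:3]
    return (*nums, QUALIFIER_RANK[m.group(2)], int(m.group(3) or 0))

def is_affected(name):
    key = version_key(name)
    return key is not None and LOWEST <= key <= HIGHEST

def scan_archive(data, label, depth=0):
    """Yield (path, affected) for every log4j-core jar bundled in a JAR/WAR/EAR, nested ones included."""
    if depth > 4:
        return  # bound recursion on deeply nested archives
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # placeholder or corrupt entry: nothing to inspect
    with zf:
        for entry in zf.namelist():
            path = f"{label}!/{entry}"
            if version_key(entry) is not None:
                yield path, is_affected(entry)
            elif entry.lower().endswith((".jar", ".war", ".ear")):
                yield from scan_archive(zf.read(entry), path, depth + 1)

def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample: a WAR holding empty placeholder jars, one inside a nested jar.
SAMPLE_WAR = make_zip({
    "WEB-INF/lib/log4j-core-2.14.1.jar": b"",
    "WEB-INF/lib/log4j-api-2.14.1.jar": b"",
    "WEB-INF/lib/plugin.jar": make_zip({"lib/log4j-core-2.15.0.jar": b""}),
})
```

Calling `list(scan_archive(SAMPLE_WAR, "app.war"))` reports the 2.14.1 copy as affected and the nested 2.15.0 copy as not. The check relies on file names, so copies that a vendor has renamed or repackaged into its own jar will not be found this way.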

Helient will be keeping our customers informed and advising on next steps, as it pertains to mitigation and remediation of various hardware and software solutions.

If you would like more information or assistance from our industry leading engineering experts, please contact us at service@helient.com.