I posted about the Apache Log4j vulnerability last week and saw the internet light up on fire over the weekend. Here is a short summary for those looking for a quick understanding of what is going on.
On Thursday, December 9, a zero-day exploit in the popular Java logging library Log4j was tweeted along with a proof of concept (POC) posted on GitHub. This exploit may result in remote code execution that would allow attackers on the internet to target and control any applications running vulnerable Log4j code. Log4j is a very common logging subsystem, and the exposure will be extensive. This is an industry-wide issue and is not unique to any specific vendor.
Most organizations will be exposed to this. Popular vulnerability scanning technology providers have released signatures to scan against. For example, Rapid7 goes into detail on each vulnerability HERE.
Other sources speaking about this are HERE, LunaSec Blog, and Talos Blog.
Some people have been tweeting about simple fixes that are not real. Don’t believe anybody saying you are fine by simply blocking something or only worrying about a few things. Consider your entire network in scope and take the appropriate actions: scan for the risk, develop a response for when a system is impacted, and continue to monitor for malicious behavior. Network and host baseline technology can be extremely helpful for identifying unusual activity as you monitor for potential exploitation against this.
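One concrete way to "scan for the risk" across your own estate is an inventory check: walk the filesystem, open every Java archive, and read the version recorded in log4j-core's Maven `pom.properties`, descending into archives nested inside WAR/EAR/fat-jar files, since that is exactly where a plain filename search misses it. The script below is an added example written for this post, not code from the original article or from Rapid7, LunaSec or Talos. It assumes nothing about your environment beyond the standard Maven metadata layout inside jars; the `FIXED_VERSION` threshold is a placeholder you must set from the vendor advisory for the vulnerability you are tracking, and the sample jar/war bytes are constructed in code purely so the example runs offline.

```python
import io
import re
import zipfile
from pathlib import Path

# Placeholder threshold (assumption for this example): set it from the vendor
# advisory for the specific CVE you are remediating.
FIXED_VERSION = (2, 15, 0)

# Maven writes this file into every log4j-core jar; it is a reliable version source
# even when the jar has been renamed or repackaged.
POM_PROPS_RE = re.compile(
    r"META-INF/maven/org\.apache\.logging\.log4j/log4j-core/pom\.properties$"
)
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """Return the version= entry of a pom.properties file as a tuple of ints, or None."""
    for line in text.splitlines():
        if line.startswith("version="):
            value = line.split("=", 1)[1].strip()
            parts = re.findall(r"\d+", value)
            return tuple(int(p) for p in parts[:3]) if parts else None
    return None


def is_vulnerable(version, fixed=FIXED_VERSION):
    """Any log4j-core older than the fixed release is flagged."""
    return version < fixed


def scan_archive(data, location):
    """Return [(location, version)] for each log4j-core found in an archive's bytes.

    Recurses into nested archives (e.g. WEB-INF/lib/*.jar inside a .war) so bundled
    copies are not missed. Non-zip input yields no findings instead of raising.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        for name in zf.namelist():
            if POM_PROPS_RE.search(name):
                version = parse_version(zf.read(name).decode("utf-8", "replace"))
                if version:
                    findings.append((f"{location}!/{name}", version))
            elif name.lower().endswith(ARCHIVE_SUFFIXES):
                findings.extend(scan_archive(zf.read(name), f"{location}!/{name}"))
    return findings


def scan_tree(root, fixed=FIXED_VERSION):
    """Walk a directory tree and return (location, version, vulnerable) for every hit."""
    results = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            for location, version in scan_archive(path.read_bytes(), str(path)):
                results.append((location, version, is_vulnerable(version, fixed)))
    return results


# --- constructed sample data so the example runs without touching real files ---

def make_sample_log4j_jar(version):
    """Build an in-memory jar that carries only the Maven metadata (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties",
            f"#Generated by Maven\nversion={version}\n"
            "groupId=org.apache.logging.log4j\nartifactId=log4j-core\n",
        )
    return buf.getvalue()


def make_sample_war(inner_jar_bytes, inner_name):
    """Wrap a jar inside a WAR the way an application server deployment would (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr(inner_name, inner_jar_bytes)
    return buf.getvalue()


if __name__ == "__main__":
    war = make_sample_war(make_sample_log4j_jar("2.14.1"), "WEB-INF/lib/log4j-core-2.14.1.jar")
    for location, version in scan_archive(war, "app.war"):
        status = "VULNERABLE" if is_vulnerable(version) else "ok"
        print(f"{status}: {location} -> {'.'.join(map(str, version))}")
```

Run `scan_tree("/opt")` (or wherever your applications live) to get a list you can feed into your remediation tracking; a hit inside `app.war!/WEB-INF/lib/...` tells you the fix is a redeploy of that application, not a package update on the host.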
Your remediation doesn’t have to be pretty but make sure you do it. The internet is on fire. This is a serious threat.