The NCSC and Microsoft are advising organisations to take steps to mitigate the Apache Log4j 2 vulnerability.
LAST UPDATE: 30.12.2021
An unauthenticated remote code execution vulnerability (CVE-2021-44228) affects multiple versions of the Apache Log4j 2 library. The NCSC is detecting scans and attempted exploits of the vulnerability globally, including in the UK.
Softwerx has rolled out an analytics rule to customers' environments that interrogates the log feeds from multiple sources, including Office365, DNS, Cisco ASA, Palo Alto Networks, Windows Security Events, Azure Active Directory, IIS, Microsoft Defender and more.
Log4j is used in many types of software, including open-source and cloud-based products, web applications and email services.
Researchers at Microsoft have also warned about attacks attempting to take advantage of Log4j vulnerabilities, including a range of cryptomining malware and active attempts to install Cobalt Strike on vulnerable systems, which could allow attackers to steal usernames and passwords.
Microsoft 365 Defender now contains a dashboard and feature for identifying and remediating the widespread vulnerabilities in Apache Log4j:
Image courtesy of Microsoft
Further information regarding the vulnerability can be found at these links https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ and https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228
No action is required on our customer’s side.
Read the full article by the National Cyber Security Centre: