What is Log4j?
Apache Log4j and the Log4Shell vulnerability have been hot topics in the media over the past number of weeks. This is due to the widespread impact this vulnerability has placed upon the IT industry. Understanding Log4Shell is not easy, it is a complex vulnerability yet unfortunately it is easy for a malicious actor to utilise. Many of our customers have recently heard this mentioned in the news and have been contacting us for advice. For that reason, we have taken the time to explain in simple terms the extent of this vulnerability. We hope this gives you the ability to clarify if Log4Shell could impact you. If it could impact you or after reading this post you are still unsure, please do not hesitate to reach out to us.
Our team are more than happy to take the time to listen to your concern and provide expert knowledge and advice. We have a team on standby who specialise in the full spectrum of IT Networks, from Home/Family Networks to Start-up businesses and SMEs to Enterprise clients.
Vulnerabilities are discovered every day. While some can be serious most are not cause for an immediate response. However, on Thursday 9th December 2021 a new vulnerability was publicly released, Log4Shell. This vulnerability has the potential to cause severe impact to many organizations, so all Cyber Security experts were required to immediately turn their attention to it and promptly attempt to detect which software versions within their organizations were vulnerable.
Log4Shell is a software vulnerability in Apache Log4j.
What does Log4j do?
Log4j records events, errors, and routine system operations. It then communicates diagnostic messages about them to system administrators and users. A common example of Log4j in action is when you click on a bad web link and get a “404″ error message. The Web Server running the domain of the web link you tried to access, tells you that there’s no such webpage. The Web Server then records that event in a log for the server’s system administrators using Log4j.
What does Log4Shell do?
First discovered in Minecraft, it is a remote code execution (RCE) vulnerability that if left unmitigated, enables a malicious actor to execute arbitrary Java code to take control of a target server.
Who is at risk?
Organizations that use web servers, web applications and cloud services. The vulnerability does not impact home or personal devices such as smartphones.
How is it resolved?
The fix is easy, upgrade Log4j to its latest version. However, the hard part is to know whether Log4j is being used in any given software system because it is often bundled as part of other software. This requires system administrators to inventory their software to identify its presence. If some people don’t even know they have a problem, it’s that much harder to eradicate the vulnerability.
What should I do?
As a user, you are probably wondering what you can do about all this. Unfortunately, it is hard to know whether a software product you are using includes Log4j and whether it is using vulnerable versions of the software.
One thing you can do is make sure all of your software is up to date.