Log4j Zero-Day Vulnerability: What You Need to Know

On December 9, a critical vulnerability was revealed in Apache’s Log4J, a popular Java open source logging system by developers of web and server applications. The vulnerability affects a broad range of services and applications on servers, making it extremely dangerous—and the need to update those server applications urgent.

Impact

The vulnerability allows unauthenticated remote code execution (RCE) on any Java application running a vulnerable version of Apache’s Log4j.

Recommendations

Net at Work customers subscribed to our NOC services with proactive maintenance plans will get updated as we receive security patches and workarounds from your appropriate hardware and software vendors.

We recommend that customers check with their business application software providers to determine if any applications are impacted by the Log4J vulnerability and work with them to update those applications as soon as possible.

If patching is not immediately possible there are a couple workarounds:

1. You can set the JVM parameter “log4j2.formatMsgNoLookups;” to True
2. Put a WAF or Proxy in front of the vulnerable Java app and block access to connections with the User Agent header string “jndi:ldap” and “jndi:dns”

Additional Resources

For more information about the Log4j vulnerability, please refer to the following resources:

1. Apache Log4j Vulnerability Guidance published by the Cybersecurity and Infrastructure Security Agency (CISA)
2. A list of known impacted applications here.

If you have questions about the Log4j vulnerability and how it may impact you, please contact us, our experts are here to help.