A new, particularly critical vulnerability was discovered in the Apache Log4j library last week. This is used for millions of Java applications. Here are a few recommendations from the Kaspersky experts.
Log4Shell - also known as LogJam and under the designation CVE-2021-44228 - is a so-called Remote Code Execution (RCE) class vulnerability. This allows attackers to execute arbitrary code and possibly gain full control over a system if it is exploited on a vulnerable server. The CVE was rated 10 out of 10 for severity.
Log4j in millions of Java applications
The Apache Logging Project (Apache Log4j) is an open source logging library used for millions of Java applications. Any product using a vulnerable version of this library (version 2.0-beta9 to 2.14.1) is at risk for this new vulnerability.
Log4j contains a lookup mechanism for searching for queries with a special syntax. By creating a custom prefix for this string, attackers could transmit information to a server under their control, leading to arbitrary code execution or loss of confidential information.
That's what the Kaspersky experts say
Evgeny Lopatin, security expert at Kaspersky, comments on the situation as follows:
“This vulnerability is not only particularly dangerous because attackers can gain complete control over the system, but also because it is particularly easy to exploit - even an inexperienced hacker can benefit from it. We already see that cyber criminals are actively looking for software that they can exploit with this vulnerability. The good news, however, is that a strong security solution can help protect users. "
Kaspersky products detect and block attacks via this vulnerability under the following ID:
UMIDS: Intrusion.Generic.CVE-2021-44228.
PDM: Exploit.Win32.Generic
Kaspersky recommendation to protect the vulnerability
- Immediately install the latest version of library 2.15.0, this is available on the product page [3]. If the library is used in a third-party product, it should be checked when the software provider will make an update available; this should also be installed immediately.
- Follow the Apache Log4j project guidelines at https://logging.apache.org/log4j/2.x/security.html.
- Companies should use a security solution that offers exploit prevention, vulnerability and patch management components, such as Kaspersky Endpoint Security for Business. The Automatic Exploit Prevention component monitors suspicious application actions and blocks malicious files from running.
Use solutions or services such as Kaspersky Endpoint Detection and Response or Kaspersky Managed Detection and Response Service, which can detect and stop attacks in the early stages.
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/