Log4j-Alarm: Tool for scanning vulnerabilities on endpoints and servers


The security provider Trend Micro has developed a free tool for scanning vulnerabilities that users can use to check whether their devices are at risk of a Log4j / Log4Shell attack. It covers all possible scenarios - including attacks on servers, desktops and endpoints.

In mid-December, a new high-risk vulnerability called Log4Shell (CVE-2021-44228) was discovered, which affects the very widespread Java logging package Apache Log4j. The Log4Shell vulnerability can be exploited via specially crafted log messages to remotely execute arbitrary code on the victim systems. The potential impact of this vulnerability is so great that it is rated 10.0 based on CVSS version 3.x and 9.3 based on CVSS version 2.0 - and it's easy to see why. While the previous attacks were aimed at the server level, there could be a second wave of attacks that also endangers endpoints.

Vulnerability enables almost anything

A malicious actor could use the vulnerability to launch attacks on consumer devices and even cars. For example, various researchers recently demonstrated how simple exploit strings can be used to compromise Apple iPhones and even Tesla cars, and then to issue commands and steal sensitive data from the backend servers responsible for these devices.

Servers are still the most vulnerable targets for Log4Shell attacks, especially those on the Internet that use vulnerable versions of Log4j because they are the easiest to compromise. This is followed by internal servers that run vulnerable versions of Log4j and offer exposed services that can be compromised by access brokers. Finally, it is possible that malicious actors also attack desktops with vulnerable versions of Log4j via certain desktop applications.

Log4j: Quick and safe measures

Based on the available open source tools, we have developed a vulnerability scanning tool that covers all possible scenarios - including attacks on servers, desktops and endpoints. The tool can help users verify whether they are actually running applications with a vulnerable version of Log4j.

Given that exploits are already in use for Log4Shell, patching vulnerable machines should be a top priority. Most software manufacturers have published guides to help their customers find a suitable solution. It is highly recommended that users apply the manufacturer's patches in their latest version as soon as they become available.

Go directly to the scan tool at Trendmicro.com

 


About Trend Micro

As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.


 
