After SolarWinds in mid-2021, the next big thing in the security world is Log4Shell. The flawed Log4j package is indirectly causing serious trouble for everyone, and Microsoft is taking it seriously.
According to a new alert, Microsoft security teams are warning Windows and Azure customers to remain vigilant about potential attacks based on Log4Shell. The repeated warnings come because exploit code is widely available and attackers have sharply increased their scanning for vulnerable systems.
Beware of Log4Shell (Log4j)
Log4Shell, the exploit based on the flawed Log4j package, was disclosed to the world in early December last year. Even though the maker, the Apache Foundation, has made a patch available, it is still the job of endpoint system admins to apply it.
But that is the actual problem, say experts. Log4j is a simple Java logging package used by numerous companies in many of their products. Because it is so widely used, patching it demands long work hours. Threat actors are quickly capitalizing on this lag, as experts warn that many are scanning the web for vulnerable systems.
Among those sounding the alarm, Microsoft has been warning its community and the world since the vulnerability was revealed. In multiple notices, and now in a fresh alert from its Microsoft 365 Defender Threat Intelligence and the Microsoft Threat Intelligence Center (MSTIC), the security teams said:
“Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks.”
Microsoft has already released a Log4j dashboard for threat and vulnerability management, along with an update to its Windows Defender tool that adds a Log4Shell scanner to find any exploitation on users' systems. Companies like CrowdStrike, and even CISA, have released free scanners for Log4j bugs.
So it is now ultimately the job of system admins to apply the latest available patch (v2.17.1) to secure their systems. Security experts, including Microsoft, have warned that ransomware groups and other threat actors have added Log4Shell exploits to their malware kits and have been aggressively looking for vulnerable systems.