A deserialization vulnerability in the Log4j logging tool, used to aid in debugging and metrics, has been discovered and requires immediate attention from security teams in organizations of every size and industry. Log4j is not a distinct application; it is a software component included in a variety of different services, which makes identifying and patching vulnerable versions of Log4j within an organization challenging. Furthermore, even if publicly accessible applications are not vulnerable, logging services downstream can be compromised by the exploit.
To date, most known Log4j attacks have been automated and exploratory; however, it is believed that ransomware gangs, such as Conti, may have begun using the exploit for lateral movement.
Organizations are urged to perform mitigating actions as soon as possible to prevent:
· Disruption to operations
· Reputational damage
· Response and recovery costs
· Disclosure announcements if there is a breach

"[CISA] strongly urges every organization large and small to follow the federal government's lead and take similar steps to assess their network security and adapt the mitigation measures outlined in our Emergency Directive. If you are using a vulnerable product on your network, you should consider your door wide open to any number of threats."
- CISA Director Jen Easterly