Severe alert issued on an actively exploited Log4j vulnerability
Information security now!
Apache Log4j is a Java-based component that can be used in applications to log events and messages. Log4j is extremely widely used in different services and applications. Because of its popularity, many services online are affected by the zero-day vulnerability that has now been published.
The vulnerability was published on 10 December 2021, and it is not yet clear exactly which applications or services are using the vulnerable Log4j component. The vulnerability could allow attackers to execute arbitrary commands on an application server. A proof of concept has already been made available for the vulnerability, and using the code does not require advanced skills.
Individual users cannot fix the vulnerability. Instead, protective measures must be taken by system administrators. Administrators should immediately install the updates published by Apache and update their services to the version log4j-2.15.0-rc2. Organisations are also advised to immediately start investigating how widely they are affected by the vulnerability.
The National Cyber Security Centre Finland (NCSC-FI) is also investigating the extent to which Finnish organisations are affected. The NCSC-FI has also informed the administrators of the vulnerable services identified so far.
How to tell if you are affected by the vulnerability?
There is currently no easy way to find out whether an organisation’s services are using Log4j. In practice, this requires checking application source codes or configurations to see whether Log4j has been enabled. If tools are published for checking systems for the vulnerability, we will update our advice.
If you detect the vulnerability in your environment, we recommend contacting the service administration. Vulnerable services can also be reported to the NCSC-FI. In this article, ‘services’ refer to services such as Steam or iCloud. These examples have been identified as affected by the zero-day vulnerability based on public information.
We also ask you to report to the NCSC-FI any actual or suspected data breaches carried out by exploiting the vulnerability. Data breaches should also be reported to the police.