Log4j… The Gift That Keeps On Giving

This isn’t the type of gift that sysadmins want, but news has come to light that a third Log4j vulnerability has been discovered, this time a denial-of-service (DoS) bug. The latest Log4j bug isn’t a variant of the Log4Shell remote code execution bug, but it has the same components and can also abuse the attacker-controlled lookups in logged data.

Yikes!

Ayal Yogev, CEO and Cofounder, Anjuna Security, had this to say:

     “The Log4Shell bug, as we’re seeing with other common vulnerabilities such as CVE-2021-45105, is used to execute privileged malicious code that immediately puts entire enterprise IT infrastructures at risk. Stopping the spread is possible using widely available confidential computing facilities available in the cloud and on hosts. These physically and cryptographically isolate an application’s memory, compute and storage from others on a given host, stopping the spread at its point of infection.”

Honestly, if you haven’t patched Log4j yet in your environment, you need to get cracking, because I suspect that more issues will be found with Log4j, seeing as everyone and their dog is looking for them.
