Just as the holiday season is approaching our doorstep, a critical vulnerability in an Apache code library called Log4j 2 has come knocking at the door. Log4j is an open-source Java-based logging library that is widely used by many products, services and Java components. It’s little surprise that the flaw, which scored a perfect 10 on the CVSS scale and is putting countless servers at risk of complete takeover, has sent shockwaves far beyond the security industry.
Indeed, with proof of concept exploit code already available online, we’re now witnessing a mass race between hackers, who are conducting internet-wide scans and exploiting vulnerable systems, security defenders, who are updating systems and putting mitigations in place, and developers, who are auditing applications and code libraries for any dependencies that might include vulnerable versions of the Log4j library.
What is Log4Shell?
Indexed as CVE-2021-44228, the flaw is a remote code execution (RCE) vulnerability that allows an attacker to run code of their choice on an affected server. Should the adversary somehow get into the local network, even internal systems that are not exposed to the internet can be exploited. Ultimately, an RCE vulnerability means that an attacker doesn’t require physical access in order to run arbitrary code that could lead to complete control over affected systems and the theft of sensitive data.
Detection
ESET has released a detection for exploits of this vulnerability that might be present in both incoming and outgoing traffic on Windows systems. Attackers attempting to move laterally from such systems will thus be blocked. Detection of exploit attempts was rolled out with the following detection names:
– JAVA/Exploit.CVE-2021-44228
– JAVA/Exploit.CVE-2021-44228.B