On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j was discovered that results in Remote Code Execution by logging a certain string.
General Description of the Vulnerability
The vulnerability (CVE-2021-44228 1) is critical, as it can be exploited from remote by an unauthenticated adversary to executed arbitrary code (remote code execution – RCE). The criticality of the vulnerability has a score of 10 (out of 10) in the common vulnerability scoring system (CVSS) which outlines how severe the vulnerability is.
Risk Classification: High
The risk classification can vary due to the specific deployment.
Action taken by SPIE
- Check for "Log4j" threat of all our Managed Service Customers
- Continuous monitoring of customer environments
- In collaboration with customers, remediation steps are planned and initialized as required
General recommended actions for all customers
- Identify affected systems with "Log4j" in your environment.
- Follow provider advisories
- Check individual systems
- Update system offline to version Log4j 2.15.0 or above (best protection)
- Workaround: the following parameter should be set to true when starting the Java Virtual Machine: log4j2.formatMsgNoLookups
For any further requests, please contact your SPIE Service representative.
SPIE ICS AG