On Thursday (December 9th), a 0-day exploit was discovered in the popular Java logging library Log4j that results in remote code execution when a certain string is logged.


General Description of the Vulnerability

The vulnerability (CVE-2021-44228) is critical, as it can be exploited remotely by an unauthenticated adversary to execute arbitrary code (remote code execution – RCE). It has a score of 10 (out of 10) in the Common Vulnerability Scoring System (CVSS), which indicates how severe a vulnerability is.

Risk Classification: High

The risk classification can vary due to the specific deployment.

Action taken by SPIE

  • Check all our Managed Service customers for the "Log4j" threat
  • Continuous monitoring of customer environments
  • In collaboration with customers, remediation steps are planned and initialized as required

General recommended actions for all customers

  • Identify affected systems with "Log4j" in your environment.
    • Follow provider advisories
    • Check individual systems
  • Update systems offline to Log4j version 2.15.0 or above (best protection)
  • Workaround: the following parameter should be set to true when starting the Java Virtual Machine: log4j2.formatMsgNoLookups
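One way to carry out the "check individual systems" step, as an added example that is not SPIE's own tooling: it walks a directory, opens every JAR/WAR/EAR (including archives nested inside them) and reports log4j-core copies below the 2.15.0 threshold named above. The function names are hypothetical, and the Maven metadata and `JndiLookup` class paths are assumed to follow standard log4j-core packaging.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 15, 0)  # minimum version recommended in this advisory
# Assumption: standard log4j-core packaging (Maven metadata + lookup class).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(text):
    """Return (major, minor, patch) from pom.properties text, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def inspect(data, label, findings):
    """Inspect one archive given as bytes, then recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive, skip it
    with zf:
        names = set(zf.namelist())
        if POM in names or JNDI in names:
            ver = parse_version(zf.read(POM).decode("utf-8", "replace")) if POM in names else None
            # An unknown version is treated as needing an update.
            findings.append({"path": label, "version": ver,
                             "needs_update": ver is None or ver < FIXED,
                             "has_jndi_lookup": JNDI in names})
        for n in sorted(names):
            if n.lower().endswith(ARCHIVES):
                inspect(zf.read(n), f"{label}!/{n}", findings)

def scan(root):
    """Scan every archive under root and return a list of findings."""
    findings = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVES:
            inspect(p.read_bytes(), str(p), findings)
    return findings

if __name__ == "__main__":
    for f in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        ver = ".".join(map(str, f["version"])) if f["version"] else "unknown"
        status = "UPDATE" if f["needs_update"] else "ok"
        print(f"{status:6} log4j-core {ver}  {f['path']}")
```

Run it with the application or installation directory as the only argument; repackaged archives that drop the Maven metadata are reported with an unknown version.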

Further Information

GovCert Blog

For any further requests, please contact your SPIE Service representative.

Kind regards
