Kaspersky comment: Log4Shell Vulnerability

December 2021 by Kaspersky

Last week information security media reported the discovery of the critical vulnerability CVE-2021-44228 in the Apache Log4j library (CVSS severity level 10 out of 10). The threat, also named Log4Shell or LogJam, is a Remote Code Execution (RCE) class vulnerability. If an attacker manages to exploit it on a vulnerable server, they gain the ability to execute arbitrary code and potentially take full control of the system.
In response to the news, Kaspersky commented:

Last week a new, particularly dangerous critical vulnerability was discovered in the Apache Log4j library. CVE-2021-44228, also known as Log4Shell or LogJam, is what’s known as a Remote Code Execution (RCE) class vulnerability, meaning that if it is exploited on a vulnerable server, attackers gain the ability to execute arbitrary code and potentially take full control over a system. The CVE has been ranked a 10 out of 10 in terms of severity.

The Apache Logging Project (Apache Log4j) is an open-source logging library used for millions of Java applications. Any product that uses a vulnerable version of this library (version 2.0-beta9 to 2.14.1) is susceptible to this new CVE.

Log4j contains a Lookup mechanism for searching requests using a special syntax. By creating a custom prefix for this string, attackers can transfer information to a server under their control, leading to arbitrary code execution or a leak of confidential information.

“What makes this vulnerability particularly dangerous is not only the fact that attackers can gain complete control over the system but how easy it is to exploit. Even an inexperienced hacker can take advantage of it—and we’re already seeing that cyber criminals are actively looking for software to exploit with this CVE. However, the good news is that a strong security solution can go a long way in keeping users protected,” comments Evgeny Lopatin, security expert at Kaspersky.

Kaspersky products protect against attacks leveraging the vulnerability, including PoC usage, under the following names:
UMIDS:Intrusion.Generic.CVE-2021-44228.
PDM:Exploit.Win32.Generic

To safeguard against this new vulnerability, Kaspersky experts recommend:
• Install the most recent version of the library, 2.15.0, if possible. You can download it on the project page. If the library is used in a third-party product, monitor for and promptly install updates from the software provider.
• Follow Apache Log4j project guidelines https://logging.apache.org/log4j/2....
• Businesses should use a security solution that provides exploit prevention, vulnerability and patch management components, such as Kaspersky Endpoint Security for Business. Our Automatic Exploit Prevention component monitors suspicious actions of applications and blocks the execution of malicious files.
• Use solutions like Kaspersky Endpoint Detection and Response and the Kaspersky Managed Detection and Response service, which help to identify and stop the attack at an early stage, before attackers reach their final goals.



