By Tommi-Lee Hine-Dickinson, Published Tuesday, 14th December 2021
This vulnerability was publicly disclosed on Thursday 9th December 2021, however researches have found that this has been exploited since, at least, the 1st December. As there are no patches available for every application, which contains the software component, the vulnerability is classed as a Zero-Day. Since the vulnerability was disclosed there is therefore no remediation patch to apply for a lot of systems.Attackers can send information to an application via various means, which are then logged using the Log4j function. One easy way this can be done is with the username box on the login screen as applications will commonly log the name of the user, who attempted to log into the application. Instead of entering in a username, the attackers will enter in a piece of code, which is then interpreted by the application and executed. Attackers are using code to make the applications look to an external malicious server, to either post information or download files/code to execute on the target system. It's this part of the vulnerability which is incredibly dangerous as this, in some situations, can be used to install malicious software onto networks or leak sensitive data such as passwords.There has been a patch to correct the vulnerability released by the developers of the Log4j software component, however it's up to the makers of the affected applications to update their software and publish a patch.Datcom recommends that you keep an eye out for any communications from your application vendors which relates to updates or patches being released, as this will likely contain a fix for this vulnerability and needs to be installed. Once you see a notification like this - please get in touch and we can assist with installing to mitigate the threat. For Datcom customers we’ll contact you if there are any patches released for your infrastructure systems (server or networking) which need to be applied.Whilst this exploit is rated so highly and has gained widespread media attention, it does not mean that all systems are vulnerable to attack. Attackers must have a way to send information to a system in order to attack it. Most on-premise applications for example, will not be at direct risk, as they are not accessible over the internet. An attacker must first have access to the internal network which means they have either exploited another vulnerability, or used social engineering to gain access to a computer.If you have any concerns or questions, please email Datcom at email@example.com.
By Tommi-Lee Hine-Dickinson