In case you are not already aware: on Thursday (December 9th), a 0-day exploit was discovered in the popular Java logging library log4j (version 2). It may result in Remote Code Execution (RCE) when the library processes a certain string.
System Owners:
Apache has since released a patch:
https://logging.apache.org/log4j/2.x/security.html
Alternatively, disable JNDI.
If you are a system owner with hosted tools that are impacted, please go ahead and apply the patch or remediation step. CIS is currently scanning the network and will start working with system owners to remediate the vulnerabilities. We thank you in advance for working with us.
Details at:
https://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/