Critical Log4j Vulnerability - Patching and Mitigation Steps
As many of you are now aware, on Dec.10, 2021, a new, critical Log4j vulnerability was disclosed and dubbed Log4Shell (by researchers at LunaSec). This vulnerability within the Java logging framework was published as CVE-2021-44228, categorized as Critical with a CVSS score of 10 (the highest score possible). This vulnerability allows for malicious hackers to take full control of servers running Apache’s log4 library.
Legion Star’s cybersecurity team is encouraging our clients and the entire business community, to employ the following steps:
1. Assume that your environment has already been exploited and invoke your emergency cyber response plan
2. Patch all affected systems of log4j2 to version 2.15.0 immediately if possible
3. Continuously monitor your affected environments for any signs of compromise
4. Reach out to us or your service provider for assistance assessing and/or securing your environments
Legion Star will be working closely with our technology partners to ensure Client SaaS tenants are patched and monitored for any signs of compromise.