A new zero-day vulnerability in the Log4j Java Library is being exploited in the wild and might have a massive impact on IT goliaths

A new significant zero-day vulnerability was recently identified in the popular Java logging library log4j (version 2), and this zero-day is a Remote Code Execution (RCE) vulnerability that threat actors might exploit by recording a specific string.

The news of a significant Zero-day Remote Code Execution attack in log4j – CVE-2021-44228 – the most widely used Java logging framework – broke early Friday morning. This type of vulnerability is particularly dangerous because it may be used to run any code through your software and needs an attacker to have very little experience to exploit. Because Log4j is widely used in Java applications, software maintainers must quickly patch it.

This impacts anyone who uses log4j for logging, as well as anyone who uses log4-based applications, which is a substantial portion of enterprise Java software now available.

Attackers have been detected looking for servers that are vulnerable to Log4Shell, according to a number of organizations, including the CERTs for Deutsche Telekom and New Zealand. “We are detecting attacks on our honeypot infrastructure coming through the TOR network,” Deutsche Telekom executives claimed in a tweet.

Examining log files for any services employing affected Log4j versions can help organizations determine if they are affected. According to CERT-NZ, they could be compromised if they contain user-controlled strings, such as “Jndi:ldap,” according to CERT-NZ. It is critically advised that Log4j versions be upgraded to log4j-2.15.0-rc1 to prevent the library from being exploited.