www.coretek.com Open in urlscan Pro
70.38.42.203  Public Scan

URL: https://www.coretek.com/blog/mitigate-apache-log4j
Submission: On February 18 via manual from US — Scanned from CA

Form analysis 0 forms found in the DOM

Text Content

This website stores cookies on your computer. These cookies are used to improve
your website experience and provide more personalized services to you, both on
this website and through other media. To find out more about the cookies we use,
see our Privacy Policy.

We won't track your information when you visit our site. But in order to comply
with your preferences, we'll have to use just one tiny cookie so that you're not
asked to make this choice again.

Accept Decline


AMS
 *   Commercial
 *   Government


Toggle navigation

 * Search
   
 * Solutions
   * Smart Cloud
   * Smart Workspace
   * Smart Enterprise
   * Smart Managed Services
 * Partners
 * Resources
   * Events
   * Videos
   * News
   * Blog
   * Case Studies
 * Industry
   * Healthcare
   * SaaS
   * Manufacturing & Automotive
   * Retail
 * Offers
   * Security Assessment
   * Windows 365 Jump Start
   * App Modernization Assessment
   * Microsoft Endpoint Management Quick Start
   * Modern Data Warehouse Workshop
   * View All Offers
 * About
   * About Coretek
   * Air Tight Guarantee
   * Why Azure With Coretek
   * Awards
   * Coretek Cares
   * Careers
 * Contact

AMS Login
 *   Commercial
 *   Government



Search


Home   /   Resources   /   Blog   /  
How to Mitigate Your Risk from Apache Log4j


HOW TO MITIGATE YOUR RISK FROM APACHE LOG4J

Dec 16, 2021

 


ONGOING ADVISORY UPDATES


2021-12-17

Coretek continues to monitor the Apache Log4j vulnerability and will continue to
work with our customers to mitigate the risk revolving around this exploit.
Although information about this vulnerability may continue to evolve, Coretek
will stay up to date with the latest information from reliable sources (linked
below) as it is released. The breadth of impact the Apache Log4j vulnerability
can have on exploited systems is substantial, and Coretek will continue to
provide updates to Coretek customers on an ongoing basis. 

 


THREAT SUMMARY

Since the Apache Log4j (or Log4Shell) began circulating on December 9, 2021, The
breadth of impact the Apache Log4j vulnerability can have on exploited systems
is substantial. Apache Log4j, also known as Log4Shell, is a Java-based logging
library embedded in many software products like Amazon, Broadcom, Cisco,
Cloudera, Splunk, and VMware, for example, that Coretek Customers may use daily.

This RCE vulnerability creates a conducive opportunity for a possible attack
that hackers can use to exploit a remote code execution, which can run arbitrary
code on a targeted machine or system. This type of attack on public-facing
systems can deploy various malware, ranging from Crypto Miners to Trojan
Backdoors and Ransomware payloads within the system that is running the
vulnerable software.

This vulnerability is tracked as CVE-2021-44228, and is an unauthenticated RCE
vulnerability allowing a complete system takeover on systems with Log4j
2.0-beta9 up to 2.14.1. Apache addressed the exploit with the release of Log4j
2.15.0; however, researchers discovered CVE-2021-45046 on December 14, 2021, in
Log4j 2.15.0 that could result in a denial of service (DoS) attack in some
non-default configurations. We recommend updating to Log4j version 2.16.0 to
remediate both CVE-2021-44228 and CVE-2021-45046.

 


WHAT CORETEK IS DOING FOR CUSTOMERS

Coretek is actively running scans for this exploit for all customers with
vulnerability scanning agreements in place. Additionally, Coretek is reviewing
and patching the software that is managed on their behalf when feasible.
 


CORETEK RECOMMENDATIONS


MONITOR SOFTWARE VENDOR SECURITY PATCH ADVISORIES FOR LOG4J 



Vendors are reviewing their tools and releasing vendor-specific patches as they
become available. 

Coretek strongly advises that you: 

 * Monitor software vendor security advisories
 * Cross-reference several sources for accuracy
 * Address these vulnerabilities and any related vulnerabilities identified
   after this content is published for remediation 

The Cybersecurity and Infrastructure Security Agency
(CISA) uses the GitHub community-sourced repository to centralize publicly
available vendor advisories. Please note that this list may not
be comprehensive and will continue to be updated as new information is made
available. 

 


CONDUCT VULNERABILITY SCANS & UTILIZE SCRIPTING

If you are unsure if your company is running Log4j in your environment, Coretek
recommends conducting privileged vulnerability scans (Credentialed or Agent) to
assess the level of risk of this exploit to your environment.  Additionally, we
recommend tracking some of the latest versions of scripts being released to find
Log4j that vulnerability and inventory scanners may have missed.

 


REMOVE LOG4J FROM THE VULNERABLE DEVICE(S)

Verify if the software is needed by another application. If Log4j is not needed,
uninstall it. It is possible that servers may be hosting software that is no
longer needed. Removing unneeded software will protect the device from this and
any future vulnerabilities related to Log4j.

 


PATCH VULNERABLE SOFTWARE 

Coretek advises customers running older versions of Log4j in their
environment (where Coretek does not manage the application) to upgrade to the
current patched version, as more bugs are being discovered. Please note that
Operating System (OS) or system-level patches may or may not update Log4j, so
verify that the applications that use Log4j are updated to use the most current
library.

 


ENHANCE NETWORK SECURITY

Ensure your perimeter firewalls have the latest signatures for blocking the
known Indicators of Compromise (IOCs) for attacks against Log4j. Because of the
amount of attack traffic, due diligence is warranted to verify that all systems
are protected. Confirm that you have adequate network security by enrolling in
detection and response platforms with monitoring. Most importantly, be sure your
incident response plans and remediation/recovery plans are updated and ready for
action in case of an issue.

 


UPDATE YOUR DETECTION AND RESPONSE PLATFORM

Coretek recommends updating your detection and response platform to ensure
detection of real-time Indicators of Compromise and Indicators of Attack
(IOCs/IOAs) of a compromised system if something is missed during the scans.

 


REFERENCES & ADDITIONAL RESOURCES

If you are a Coretek customer, and have questions about Coretek remediation
actions or your support agreements, or are a visitor who would like more
information, please get in touch here.

Apache Log4j Security Vulnerabilities

Arctic Wolf - Important Update on Critical Log4j Vulnerability - CVE-2021-44228

Bleeping Computer - New zero-day exploit for Log4j Java library is an enterprise
nightmare 

Bleeping Computer - All Log4j, logback bugs we know so far and why you MUST
ditch 2.15

Broadcom - Apache Log4j Zero-Day Being Exploited in the Wild 

CISA - Apache Log4j Vulnerability Guidance

NIST NVD  CVE-2021-44228 Detail 

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2   

GitHub - cisagov / log4j-affected-db

Splunk - Log4Shell - Detecting Log4j Vulnerability (CVE-2021-44228) Continued

VMware - VMSA-2021-0028 & Log4j: What You Need to Know





--------------------------------------------------------------------------------




Address
34900 Grand River Avenue, Farmington Hills, MI 48335
844-4CORETEK (844-426-7383) 844-4CORETEK (844-426-7383)

Privacy Policy
Copyright © 2022 Coretek Services | Website by NYN Web+Marketing | Powered by
Web OS


Warning
It appears that your web browser has an option called "Enable JavaScript"
disabled. This means that certain pages on our website will not function
properly for you. Enabling JavaScript on your browser will be slightly different
depending on what browser you use. Below are some links to browser-specific
documentation about enabling JavaScript. Please click here when you've finished
enabling it.



Mozilla (Firefox) Users: click here Internet Explorer Users: click here

— Coretek Services


Attention

Ok