Security Advisory Nickname: Log4Shell
Security Advisory Name: CVE-2021-44228
Security Advisory Link(s): http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228, https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Security Advisory Severity: CRITICAL
First of all, what is this CVE-2021-44228 all about?
A serious vulnerability has been found in Log4j, a Java logging library included in almost every Java application worldwide; it is one of the most widely used Java libraries to date. Most Java applications log data, and nothing is easier to use for that than log4j. The flaw can be exploited widely and with little effort, potentially giving an attacker the ability to execute arbitrary code on any system that uses log4j. This could lead to crypto-mining installations, data breaches, malicious deployments, and ransomware seeding, among other outcomes. The discovery has a broad impact, and any application containing log4j needs immediate attention. CVE-2021-44228 was given a critical severity rating of 10 out of 10 due to its ease of exploitation, global scope, and potential impact. Another reputable metric, the Kenna Risk score, gave CVE-2021-44228 a 93 out of 100, which by Kenna standards is an exceptionally rare score. The hard part with this vulnerability is identifying all the affected software and systems. In many cases we will all be at the mercy of our vendors, waiting for them to push the necessary fixes. Although Apache has released a patch for this vulnerability, at this time it only helps software developers who can rebuild their applications against the fixed library.
How is Sysoft going to help?
- We will continue to share important information concerning this vulnerability
- We will track vendor responses about mission critical software
- We will help mitigate risks for our clients where possible through patches or updates
- We will highlight publicly available workarounds or solutions
- We will do everything we can based on your service agreement with us
What can you do to help?
Please take a moment to watch this public video about the Log4Shell security advisory, https://www.youtube.com/watch?v=CvkUPvIMM7o&list=RDCMUCHkYOD-3fZbuGhwsADBd9ZQ. We encourage all our clients to investigate their internal and third-party usage of log4j for configurations that may be vulnerable. There is already a plethora of information about this vulnerability available online. If you are uncertain or unable to determine whether your implementation is vulnerable, patch or update aggressively. Patches and updates are not yet available for everything, but there are a few known workarounds to help mitigate exposure. Several community efforts have arisen to track vulnerable software and its status, such as this one: https://github.com/NCSC-NL/log4shell/tree/main/software. Should your organization develop any Java-based software, ensure you have updated log4j to the latest version, 2.15.0+, in all of your software, https://logging.apache.org/log4j/2.x/download.html, and then push out patches or updates to everyone who uses your Java-based software as soon as possible. For those who need the Java Runtime Environment (JRE) installed anywhere for any reason, we recommend updating it to the latest version, keeping it updated, and removing any older versions. Updating the JRE will not fix the Log4Shell vulnerability, but it has long been a generally accepted Java recommendation.
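As an added example, not part of Sysoft's advisory or tooling, the following Python script performs the first step recommended above: it walks a directory tree, opens every .jar/.war/.ear archive (and archives nested one level deep inside them), reads the Maven pom.properties that Apache ships inside log4j-core, and flags any copy older than the 2.15.0 minimum named in the advisory. The sample jars that `demo()` builds are constructed stand-ins containing only that metadata; the minimum version is a parameter so it can be raised to whatever Apache currently recommends.

```python
"""Inventory log4j-core jars under a directory tree and flag versions below a minimum.

Added example (not Sysoft's tooling). It reads the Maven pom.properties that
Apache ships inside log4j-core jars, so it needs no network access and works on
copied-out application folders. Archives nested inside .war/.ear files are
inspected one level deep.
"""
import io
import os
import tempfile
import zipfile

# Path of the Maven metadata inside an official log4j-core jar.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# Minimum fixed version named in the advisory; raise it to Apache's current guidance.
DEFAULT_MIN_VERSION = "2.15.0"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1); trailing non-digits such as '-rc1' are ignored."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def log4j_core_version(zf):
    """Return the log4j-core version recorded in an open ZipFile, or None if absent."""
    try:
        raw = zf.read(POM_PROPERTIES).decode("utf-8", errors="replace")
    except KeyError:
        return None
    for line in raw.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def inspect_archive(data, label, depth=0):
    """Return [(label, version)] for this archive and archives nested one level deep."""
    results = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return results  # not a zip container; skip silently
    with zf:
        version = log4j_core_version(zf)
        if version:
            results.append((label, version))
        if depth < 1:
            for name in zf.namelist():
                if name.lower().endswith(ARCHIVE_SUFFIXES):
                    results.extend(inspect_archive(zf.read(name), f"{label}!{name}", depth + 1))
    return results


def scan_tree(root, min_version=DEFAULT_MIN_VERSION):
    """Walk root and return [(path, version, needs_update)] for every log4j-core found."""
    minimum = parse_version(min_version)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file; keep scanning the rest
            for label, version in inspect_archive(data, path):
                findings.append((label, version, parse_version(version) < minimum))
    return findings


def make_sample_jar(version):
    """Constructed stand-in for a log4j-core jar: only the Maven metadata is populated."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPERTIES, f"version={version}\nartifactId=log4j-core\n")
    return buf.getvalue()


def demo():
    """Build a constructed sample tree, scan it and return findings relative to the root."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "old.jar"), "wb") as fh:
            fh.write(make_sample_jar("2.14.1"))
        with open(os.path.join(root, "fixed.jar"), "wb") as fh:
            fh.write(make_sample_jar("2.15.0"))
        war = io.BytesIO()  # a .war bundling an old log4j-core under WEB-INF/lib
        with zipfile.ZipFile(war, "w") as zf:
            zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", make_sample_jar("2.14.1"))
        with open(os.path.join(root, "app.war"), "wb") as fh:
            fh.write(war.getvalue())
        prefix = root + os.sep
        return sorted((label.replace(prefix, "", 1), ver, flag) for label, ver, flag in scan_tree(root))


if __name__ == "__main__":
    for label, version, needs_update in demo():
        print(f"{'UPDATE' if needs_update else 'ok    '}  {version:<8} {label}")
```

Run it against application and vendor install folders rather than the whole disk first, and feed the UPDATE lines into your inventory or ticketing. The check only sees jars that still carry Apache's Maven metadata; a shaded or repackaged copy of log4j-core with that file stripped will not be reported, so an empty result is not proof that log4j is absent.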
How does Sysoft installed software help?
The following list outlines software that we install at our clients, although the installed software may vary from client to client. These tools are effective at detecting and responding to the threats that vulnerabilities like this one allow to be executed. No single tool can catch or stop everything, but a complementary blend of the tools we offer can go a long way toward preventing exposure, damage, and further risk. We strongly recommend reaching out to our Sales team if you do not have one or more of these products so you can get started with better protection.
- Datto RMM
- SentinelOne
- Huntress
- Webroot
- SNAP-Defense
- Umbrella
What can you expect next?
- Any important updates concerning the vulnerability
- An update on our efforts to implement enumeration, mitigation, and detection tool(s) through our RMM software
- A list of mission critical software by vendor with a link to their official response and downloads (if applicable)
- Links to learn how to detect and work around the vulnerability, including a potential “vaccine” called Logout4Shell
- A note on any additional efforts that we will be undertaking to assist
Who do I contact to discuss this vulnerability?
If you have any questions, comments, or concerns about this security advisory, please give us a call at (416) 410-7268 or create a ticket by sending an email to support@sysoft.ca. Depending on your request, we are also happy to set up an appointment with you to discuss this vulnerability further given its potential impact.