Log4Shell Cybersecurity Vulnerability – Tech Tip for December 15, 2021

Log4Shell Cybersecurity Vulnerability – Tech Tip for December 15, 2021

This second December Tech Tip is not going to be about more tech gifts for the holidays. Instead, we need to turn attention towards a large cybersecurity vulnerability called Log4Shell that is quickly becoming one of the largest exploits in history.

What is Log4Shell?

Log4Shell is the name of a vulnerability in Apache Log4J code. Apache Log4J is a Java-based logging platform that can be used to analyze web server access logs or application logs. Logging is a process where applications keep a running list of activities they have performed which can later be reviewed in case of error.

Most internet-facing applications and sites, firewalls, eCommerce platforms, and games, such as Minecraft use a logging process. The Log4J library is used by millions of these systems which is why this vulnerability has such enormous reach.

What happens if Log4Shell is exploited?

If exploited, the vulnerability allows a cybercriminal to run remote code on vulnerable servers. Once run, the attacker would have the ability to import malware that would completely compromise machines.

What can be done to protect against an exploit?

Apache has already released an update for Log4J (Log4j 2.15.0) to resolve the vulnerability. That said, the work of finding services and applications that utilize Log4J and patching them requires the use of special scripts to find the vulnerable systems and then applying patches. Since the Log4J library is so ubiquitous, we could be seeing issues arise for months to come.

If you have questions about Log4Shell and the impact on your environment, Please contact us. 

Important Microsoft Announcements:

• • • Microsoft will be rolling out price increases for seat based CSP licensing (Microsoft 365, Office 365) starting in January 2022. In addition, they will be introducing annual and potentially 3-year licensing agreements. The pricing changes will substantially increase the price for month to month CSP agreements. Please contact us at  gettechwise@techwisegroup.com to understand how you can minimize the impact of the upcoming price increases.
    • Microsoft will begin the rollout of Windows 11 through Windows Update as an update to Windows 10 machines starting on October 5, 2021. This update can be postponed. If you need assistance with controlling the rollout of Windows 11 to your organization, please contact TechWise Group or your IT department.
    • Starting November 1, 2021, the following versions of Outlook for Windows, as part of Office and Microsoft 365 Apps, will not be able to connect with Office 365 and Microsoft 365 services: