My TechDecisions

IT Infrastructure, Network Security, News

Log4j Exploits Stretch Into Second Month

Microsoft is urging organizations to continue their vigilance against the Log4j bugs as known threat actors adopt the exploits.

Leave a Comment

Microsoft January Patch Tuesday
wolterke/stock.adobe.com

IT and security professionals should continue to be vigilant and look for signs of vulnerable versions of Log4j as exploitation attempts stretch into a second month, Microsoft warns.

According to an update to a running Microsoft security blog on the issue, sophisticated threat actors like nation-state groups and others are rolling Log4J exploitations into its attack tools. The vulnerability, known as Log4Shell, is expected to have a long-lasting impact on the IT ecosystem.

“There is high potential for the expanded use of the vulnerabilities,” Microsoft says in the post.

Exploitation attempts and testing remained high during the last two weeks of December after the bug was originally discovered on Dec. 9.

According to Microsoft, known attackers are adding Log4j exploits to their existing malware kits and tactics, including coin miners to hands-on-keyboard actors.

Microsoft warns that organizations may not realize they have already been compromised due to the ubiquitous deployment of Log4j.

Listen: My TechDecisions Podcast Episode 145: The Log4j Vulnerability

“At this juncture, customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments,” the company says. “Due to the many software and services that are impacted and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance.”

Microsoft, along with CrowdStrike, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) and other organizations have released open-sourced Log4j scanning tools to help IT professionals find vulnerable versions of Log4j in their environment. It includes detection tools in Microsoft 365 Defender and other free and publicly available scanning tools.

Notable IT vendors such as Cisco, VMWare, AWS, Avaya and more are still working on patching vulnerable products, according to a running list of affected vendors from CISA. As of Tuesday morning, about 2,000 products were listed as affected by the vulnerability.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ