Due to the recent announcement, the vulnerability log4shell affecting the Log4j library provided by Apache.
What’s know so far:
The library is used in many implementations, from Apache Struts to Microsoft’s Minecraft, and the list is likely to grow, Apache itself recommends the upgrade to v2.15.0. It is affected by an unauthenticated remote code execution (RCE) vulnerability that can be abused to transfer malicious code to the target host, where the host executes the code as part of functionality of Log4j, thus providing the attacker a way to establish the initial infiltration and to download additional payload.
Here is what you can do:-
- Monitor for any system configuration changes
- In your firewall/IPS, including DNS and IP filters update with the latest information about sources of attacks
- Users should upgrade to Apache log4j 2.13.2 to fix this issue.
Details could be found in
iuworld.hk 