Last Updated on 10/01/2022 by Sanskriti
Microsoft is warning Windows and Azure customers to be cautious when dealing with potential attacks based on the Log4Shell flaws in the popular Java logging framework Log4j.
At the beginning of December, the Apache Software Foundation announced a zero-day vulnerability, CVE-2021-44228, and four related issues, collectively known as Log4Shell. Because so many apps and web services rely on Log4j for logging in Java code, it could be years before the issue is rectified.
Microsoft revealed more information on how the Log4Shell vulnerabilities have been exploited in the wild so far in an update to a blog post first published on December 11, saying:
“Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on keyboard attacks. Organizations may not realize their environments may already be compromised. Microsoft recommends customers to do additional review of devices where vulnerable installations are discovered.”
- According to the tech firm, many known attackers are building Log4Shell (CVE-2021-44228 and CVE-2021-45046) exploits and adding them to their malware kits and methods, such as coin miners and hands-on-keyboard attacks.
- During the last weeks of December 2021, Microsoft noticed that exploitation efforts and testing remained high.
- Mass scanning, setting up remote shells, coin mining, and red-team activities are among the most common attacks seen.
Like Microsoft, the FTC has issued a warning: any US corporation that fails to protect its customers’ data from the ongoing Log4j attacks may face legal action. Laws such as the Gramm-Leach-Bliley Act and the Federal Trade Commission Act impose a duty to take appropriate action to address any known software vulnerabilities.