The vulnerability allows attackers to execute arbitrary code on their victims' systems if an affected version of Log4J2 is in use. A further problem: the vulnerability can be exploited with a simple command and therefore requires very little expertise. Germany's National Cybersecurity Agency (BSI) further warns of the consequences of the vulnerability.
The Java library Log4J2, which is used to write logs in Java applications, is affected. The library is considered a de facto standard, as it is used in millions of applications. To trigger the vulnerability, it is sufficient to have a Java application log a user-defined string.
Once that has happened, the attack only requires a reference to a small exploit file on a remote web resource. The origin of the code is not verified, so resources outside the user's own server are also accepted.
Anyone using Java applications with Log4J2 should therefore apply available patches immediately. Even if no network attack has been detected so far, it is recommended to have a qualified IT service provider assess whether the network has been compromised. Due to the ease of exploitation, it is to be expected that criminals will first compromise hundreds of thousands of systems and then begin to monetize these infections in a few weeks, for example by installing ransomware.
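Patching presupposes knowing where Log4J2 is bundled. The script below is an added example, not part of the original article and not G DATA's tooling: it lists every copy of log4j-core under a directory, including copies nested inside fat JARs and WARs, together with the version recorded in the archive's Maven metadata. It assumes the archive still carries the standard `pom.properties` file; the function names are illustrative, and the reported version has to be compared against the vendor's advisory.

```python
import io
import zipfile
from pathlib import Path

ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")
# Maven metadata shipped inside log4j-core jars; it records the bundled version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def _version_from_props(text):
    """Extract the value of the version= line from a pom.properties body."""
    for line in text.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return "unknown"


def scan_archive(data, label, depth=0, max_depth=5):
    """Return [(location, version)] for each log4j-core copy inside an archive."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # truncated or non-archive file: nothing to report
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                props = zf.read(name).decode("utf-8", "replace")
                hits.append((label, _version_from_props(props)))
            elif name.lower().endswith(ARCHIVE_SUFFIXES) and depth < max_depth:
                # Fat JARs and WARs embed their dependencies as nested archives.
                nested = f"{label}!/{name}"
                hits += scan_archive(zf.read(name), nested, depth + 1, max_depth)
    return hits


def scan_tree(root):
    """Walk a directory tree and scan every Java archive found under it."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            hits += scan_archive(path.read_bytes(), str(path))
    return hits


if __name__ == "__main__":
    import sys
    for location, version in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{version}\t{location}")
```

Archives that were repackaged without their Maven metadata are not found this way and need a separate check.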
On our own behalf: G DATA has taken note of the reports regarding the security vulnerability in Log4j. We have been working constantly at full speed to secure or isolate all affected systems. Our customers are not affected, as G DATA clients as well as G DATA update servers do not make use of Log4J2. All of G DATA’s infrastructure has been successfully patched by now. Since Log4j is included in a very large number of applications, in some minor cases dependency checks are still in progress, and we are currently further evaluating vendor information. We are working to have this process completed as quickly as possible.