Date: 2021-12-16

The second vulnerability affecting Apache Log4j, identified in recent days and compounding the Log4Shell situation, is already being actively exploited by various threat actors. This makes it even more urgent to install Log4j version 2.16.0, which eliminates the problem.

To summarize the situation briefly: Apache Log4j, a tool widely used for logging software events, suffers from a severe vulnerability, CVE-2021-44228, which makes it easy to execute code remotely without authorization. The vulnerability was addressed in Log4j version 2.15.0, but the fix was found to be “incomplete”, leaving open a second flaw, CVE-2021-45046, that could allow denial-of-service attacks. This flaw has been fixed in version 2.16.0.

Unfortunately, the bad news keeps coming: the security company Praetorian has identified a third vulnerability in version 2.15.0 of Log4j, which can allow “the exfiltration of sensitive data in certain circumstances”. The technical details that would clarify how it can be exploited have not been disclosed, and it is currently unclear whether it has already been fixed in version 2.16.0.

The discovery of the third vulnerability comes at a time when, in addition to a significant increase in exploitation attempts, security companies have also detected the involvement of sophisticated government-backed hacker collectives, including Hafnium and Phosphorus.

In addition, Microsoft’s Threat Intelligence Center has found that initial access brokers are also actively exploiting Log4Shell to gain access to target networks, which they then resell to third parties mainly interested in spreading ransomware.