The Log4j2 Vulnerability: What to know, tools to learn more, and how Elastic can help

log4jsecurity.png

Welcome to Elastic’s Log4j2 vulnerability information hub. Here we will explain what the specific Log4j2 vulnerability is, why it matters, and what tools and resources Elastic is providing to help negate the opportunity for malware exploits, cyberattacks, and other cybersecurity risks stemming from Log4j2.

What is Log4j2?

Log4j2 is an open source logging framework incorporated into many Java based applications on both end-user systems and servers. It is one of the most popular logging libraries online and it offers developers a means to log a record of their activity that can be used across various use-cases: code auditing, monitoring, data tracking, troubleshooting/tweaking, and more. Log4j2 is an open-source, free software that is used by some of the largest companies in the world.

How and why is Log4j2 being exploited?

In late November 2021, a remote code execution vulnerability was identified, reported under the CVE ID: CVE-2021-44228, and released to the public on December 10, 2021. The vulnerability is accessed and exploited through improper deserialization of user-input passed into the framework. It allows remote code execution and it lets an attacker leak sensitive data, such as environment variables, or execute malicious software on the target system which can have a dangerous domino effect. As we know, this is a serious matter and we have already seen its effects across various companies from Minecraft and Oracle to even some of our products here at Elastic. The U.S. government has issued a warning to companies to remain vigilant and be on high alert over the holidays for potential cyberattacks and ransomware issues.

The identified vulnerability impacts all versions of Log4j2 from version 2.0-beta9 to version 2.14.1. Early methods to patch the issue resulted in a number of release candidates, culminating in recommendations to upgrade the framework to Log4j2 2.15.0-rc2. For a more detailed look into how and why bad actors are using this vulnerability exploit, please refer to our blog about how to detect the log4j2 exploitation using Elastic Security.

How Elastic is approaching the Log4j2 exploit and the issues surrounding it

When Elastic learned of this vulnerability and how it affects our products, our engineering and security teams worked hard to ensure that our customers remained safe, aware, and were equipped with the knowledge of how to use our products to combat Log4j2’s vulnerabilities. We released an up-to-date advisory that outlines Elastic’s response, affected and unaffected products, updates, and more. We are also pleased to announce new versions of Elasticsearch and Logstash, 7.16.2 and 6.8.22, which upgrade to the latest release of Apache Log4j and address false positive concerns with some vulnerability scanners could be impacted. Elastic also maintains ongoing updates via our advisory to ensure our customers and communities can stay up-to-date on the latest developments, just as we are.

The Elastic Security team also released a response and analysis on the security flaw itself. As mentioned above, we also released an up-to-date blog on how to detect log4j2 exploits using Elastic Security (which we are linking to again because it is quite helpful). Those who are not using Elastic Security but now want to do so, please take a look at our free fundamentals training courses and Quick Start training videos.

What’s next for the log4j2 vulnerability and the companies and users that could be affected?

Concerns over bad actors taking advantage of this vulnerability, and the potential increasing number of malicious users doing so, is very real. Having the proper security measures in place to combat these threats and get ahead of them all together is quite necessary.

This situation is developing as more updates are made to Log4j2 in the hopes of curbing the issue, but until it is completely resolved, awareness and intentionality in regards to IT and cybersecurity are necessary. Despite the software being patched, this is not the end of the issue from a cybersecurity threat perspective. Many think that the exploits are just getting started, so in the meantime it is paramount that proper cybersecurity measures are taken, and that intentional threat mitigation is practiced.

But Elastic Security can help.

Get started with a free 14-day trial of Elastic Cloud. Or download the self-managed version of the Elastic Stack for free.