On 10 December 2021, a critical vulnerability was identified in the widely used Java library Log4j. Systems that use Log4j can be taken over by attackers through this vulnerability, as Heise reported. The vulnerability is known as "Log4Shell" and is listed as CVE-2021-44228.
The German Federal Office for Information Security (BSI) sees an extremely critical threat situation and has therefore raised its existing cyber security warning to warning level red.
The reason for this assessment is the very wide distribution of the affected product and the associated impact on countless other products. The vulnerability is also trivially exploitable and a proof-of-concept is publicly available. Successful exploitation of the vulnerability enables a complete takeover of the affected system. The BSI is aware of global and Germany-wide mass scans and attempted compromises. The first successful compromises have also been publicly reported.
Private or corporate - Log4Shell makes no difference!
News and reports about the vulnerability dominate press releases and relevant information services. In the meantime, it has become clear that Log4Shell is a problem that not only companies have to deal with. Every one of us is potentially affected and at risk! Sophos, for example, reports:
Log4Shell is not only a red alert for companies, but private users can also be affected by the vulnerability. This is especially true if private individuals use cloud servers that are operated by a hosting company or another managed service provider - be it a blog, a forum or the family website. The fact that popular and widely used platforms such as Apple iCloud, Steam and Minecraft are also affected paints a frightening picture of the extent of the threat. "Attackers have already started actively scanning for and exploiting the vulnerability," reports IT security provider Tenable, among others.
Are World Direct's software and services affected?
We largely rely on Microsoft technology (.NET Framework) and are therefore not directly affected. However, a check of peripheral services and components revealed that we are also using one of the vulnerable versions of the Log4j component. By acting quickly and taking effective immediate measures, we have ensured that the vulnerability cannot be exploited, and we have not detected any successful attack attempts to date.
Our action plan to contain and neutralise the threat
In close coordination with our Chief Information Security Officer (CISO), we have already taken or planned the following measures to contain and close the vulnerability:
- 12.12.2021: Immediate update of the intrusion prevention rules so that actual attacks can be intercepted
- 13.12.2021: Active scans of applications and services for the published attack vectors from the outside
- 13.12.2021: Analysis of all applications and peripheral services for the use of affected components; risk assessment of exploitability; application of the recommended workarounds
- 14.12.2021: Active scans of applications and services for the published attack vectors from the inside
- 14.12.2021: Update of the services for which patches from the manufacturers and the community are now available
- Ongoing: Further analysis of new findings on Log4Shell
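An added check, not part of World Direct's notice, that supports the step "analysis of applications and peripheral services for affected components": it inspects a jar or war given as bytes, reads the log4j-core version from the Maven pom.properties entry, and reports whether the JndiLookup class is still present (removing that class is the widely published workaround). It assumes the Maven metadata path, the JndiLookup class path and 2.15.0 as the first log4j-core release addressing CVE-2021-44228, all taken from the public Log4j advisories; build_sample_jar produces constructed test data, not a real artifact.

```python
import io
import re
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)  # first log4j-core release addressing CVE-2021-44228 only
RANK = {"not-log4j-core": 0, "patched": 1, "mitigated": 2, "vulnerable": 3}


def _version_tuple(text):
    """Turn '2.14.1' (or '2.0-beta9') into a comparable tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])


def assess_jar(data):
    """Classify a jar/war given as bytes; returns (status, version).

    Nested archives (e.g. WEB-INF/lib/*.jar inside a war) are checked
    recursively and the worst finding wins.
    """
    worst = ("not-log4j-core", None)
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return worst  # not an archive, nothing to assess
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.M)
            version = m.group(1).strip() if m else "unknown"
            if m and _version_tuple(version) >= FIXED:
                worst = ("patched", version)
            elif JNDI_LOOKUP in names:
                worst = ("vulnerable", version)
            else:
                worst = ("mitigated", version)  # JndiLookup class removed
        for name in names:
            if name.lower().endswith((".jar", ".war", ".ear")):
                status, version = assess_jar(zf.read(name))
                if RANK[status] > RANK[worst[0]]:
                    worst = (status, version)
    return worst


def build_sample_jar(version, include_jndi=True, wrap_in_war=False):
    """Constructed test data: a minimal log4j-core-like jar (not a real artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only
    data = buf.getvalue()
    if wrap_in_war:  # emulate a jar bundled inside a deployed web application
        outer = io.BytesIO()
        with zipfile.ZipFile(outer, "w") as war:
            war.writestr("WEB-INF/lib/log4j-core.jar", data)
        data = outer.getvalue()
    return data
```

To inventory a host, feed the bytes of every .jar, .war and .ear found under the application directories to assess_jar and record anything that is not "not-log4j-core" or "patched".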