Microsoft has warned that Windows and Azure customers should be on high alert after spotting state-sponsored and cyber-criminal hackers probing systems for a flaw in the Log4j logging library. Microsoft says it spotted attackers exploiting the Log4j flaw throughout December.
The Apache open source project disclosed the Log4j flaw on December 9, and it will likely take a long time to fix. The problem is widespread because the open source library is used in many applications and services.
Microsoft says that this problem is not just in your organization; it’s everywhere. The company has released updates to its security software to help you identify the vulnerability and protect yourself from attackers.
“Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks,” the Microsoft 365 Defender Threat Intelligence Team and the Microsoft Threat Intelligence Center (MSTIC) said in a January 3 update.
Microsoft said customers should “assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments.”
They also stated: “Microsoft has observed attackers using many of the same inventory techniques to locate targets. Sophisticated adversaries (like nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities. There is high potential for the expanded use of the vulnerabilities.”
Microsoft just released a Log4j dashboard that helps you find and fix Log4j vulnerabilities. This dashboard will be available in the Microsoft 365 Defender portal for Windows 10 and 11, Windows Server, and Linux systems. It is a helpful tool to have. CISA also released a Log4j scanner to find vulnerabilities.
Four new vulnerabilities were found in the Log4Shell software. The Apache Software Foundation has published details about these vulnerabilities and advised the Log4Shell team to address the issues in its latest update on December 28. These security flaws are moderate severity and include CVE-2021-44228, CVE-2021-44832, CVE-2021-45105, and CVE-2021-45046.
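The dashboard and scanner mentioned above both start from the same question: which hosts carry a log4j-core jar, at what version, and has the JNDI lookup class been removed as a stopgap? The following script is an added example of that inventory step, not Microsoft's dashboard or CISA's scanner. It assumes the jar is named in the usual `log4j-core-<version>.jar` form, and it treats 2.17.1 as the 2.x release that closes the last of the four CVEs listed above (jars on the separate 2.12.x or 2.3.x maintenance lines would need their own thresholds). The sample jars it builds are constructed stand-ins, not real Log4j builds.

```python
"""Inventory log4j-core jars under a directory tree and flag versions below
the fixed 2.x release. Added example; not Microsoft's or CISA's tooling."""
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass

# Assumption (see lead-in): 2.17.1 is the 2.x release addressing the last of
# CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.
FIXED_VERSION = (2, 17, 1)
JAR_NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)\.jar$")
# The class whose removal was a widely used stopgap before patching.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


@dataclass
class Finding:
    path: str
    version: tuple
    has_jndi_lookup: bool
    vulnerable: bool


def inspect_jar(path):
    """Return a Finding for a log4j-core jar, or None if the name does not match."""
    m = JAR_NAME_RE.search(os.path.basename(path))
    if not m:
        return None
    version = tuple(int(x) for x in m.groups())
    try:
        with zipfile.ZipFile(path) as zf:
            has_jndi = JNDI_LOOKUP_CLASS in zf.namelist()
    except zipfile.BadZipFile:
        has_jndi = False
    # An old jar is still reported for upgrade even when the JndiLookup class
    # was stripped; has_jndi_lookup tells the operator whether the stopgap
    # was applied, it does not clear the finding.
    vulnerable = version < FIXED_VERSION
    return Finding(path, version, has_jndi, vulnerable)


def scan_tree(root):
    """Walk root and collect Findings for every log4j-core jar, sorted by path."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            f = inspect_jar(os.path.join(dirpath, name))
            if f:
                findings.append(f)
    return sorted(findings, key=lambda f: f.path)


def build_sample_tree(root):
    """Create constructed sample jars (empty class entries, not real Log4j)."""
    samples = {
        "app1/lib/log4j-core-2.14.1.jar": [JNDI_LOOKUP_CLASS, "META-INF/MANIFEST.MF"],
        "app2/lib/log4j-core-2.14.1.jar": ["META-INF/MANIFEST.MF"],  # class stripped
        "app3/lib/log4j-core-2.17.1.jar": [JNDI_LOOKUP_CLASS, "META-INF/MANIFEST.MF"],
        "app3/lib/other-lib-1.0.jar": ["META-INF/MANIFEST.MF"],      # ignored
    }
    for rel, entries in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with zipfile.ZipFile(full, "w") as zf:
            for entry in entries:
                zf.writestr(entry, b"")
    return root


def demo():
    """Build the sample tree in a temp dir, scan it, and return plain tuples."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return [
            (os.path.relpath(f.path, tmp).replace(os.sep, "/"),
             f.version, f.has_jndi_lookup, f.vulnerable)
            for f in scan_tree(tmp)
        ]


if __name__ == "__main__":
    for rel, ver, jndi, vuln in demo():
        state = "UPGRADE" if vuln else "ok"
        print(f"{state:8} {rel}  version={'.'.join(map(str, ver))}  JndiLookup={jndi}")
```

Run it against a real host by replacing the temporary directory in `demo()` with the application roots you care about; the point of the `has_jndi_lookup` column is that a stripped class is evidence of an earlier stopgap, not a reason to drop the host from the upgrade list.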