
Critical Apache LOG4J Vulnerability – Urgent Patch

4 Jan 2022 2:00 PM | Anonymous member (Administrator)

Latest update 1/4/2022 2:00 PM PST:

The latest library version is v2.17. Multiple vulnerabilities (3) have been discovered in Log4j functional code.

Latest News:

Background

A serious zero-day vulnerability in a widely used Apache Java logging library has become a full-blown internet crisis, affecting millions of digital systems across the internet. On December 11, 2021, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly released a statement saying, “To be clear, this vulnerability poses a severe risk… We urge all organizations to join us in this essential effort and take action.”

Log4j is incorporated into a host of popular frameworks, including Apache Struts2, Apache Solr, Apache Druid, and Apache Flink. According to Kaspersky, almost all versions of Log4j are vulnerable, starting from 2.0-beta9 to 2.16. The simplest and most effective protection method is to upgrade to the most recent version of the library:

  • Log4j 2.3.2 (for Java 6)
  • Log4j 2.12.4 (for Java 7)
  • Log4j 2.17.1 (for Java 8 and later)
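As a way to apply the version guidance above during an inventory, the following added example (not code from the article or from Apache) classifies `log4j-core` jar file names against the fixed releases listed. The function names, the sample paths, and the mapping of release lines to Java versions (2.0 to 2.3 for Java 6, 2.4 to 2.12 for Java 7, 2.13 onward for Java 8) are assumptions of the example.

```python
import re

# Fixed releases named in the article: (lowest minor, highest minor, fixed version).
# Assumption of this example: 2.0-2.3 is the Java 6 line, 2.4-2.12 the Java 7
# line, and 2.13 onward the Java 8 line.
FIXED = [
    (0, 3, (2, 3, 2)),         # Java 6
    (4, 12, (2, 12, 4)),       # Java 7
    (13, 10**6, (2, 17, 1)),   # Java 8 and later
]
PREFIX, SUFFIX = "log4j-core-", ".jar"
JAR = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-([a-z]+)(\d*))?\.jar$", re.I)

def assess(jar_path):
    """Return (version, verdict) for a log4j-core jar path, else None."""
    m = JAR.search(jar_path)
    if m is None:
        return None
    shown = jar_path[m.start() + len(PREFIX):-len(SUFFIX)]
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    tag, tag_num = (m[4] or "").lower(), int(m[5] or 0)
    if major != 2:
        return shown, "outside the article's range"
    # The article's range starts at 2.0-beta9; alpha and beta1-8 come before it.
    if (minor, patch) == (0, 0) and (tag == "alpha" or (tag == "beta" and tag_num < 9)):
        return shown, "outside the article's range"
    for low, high, fixed in FIXED:
        if low <= minor <= high:
            if (major, minor, patch) >= fixed:
                return shown, "at or above fixed release"
            return shown, "upgrade to " + ".".join(map(str, fixed))

def scan(paths):
    """Assess every path and keep only the log4j-core jars."""
    return [r for r in map(assess, paths) if r is not None]

if __name__ == "__main__":
    # Constructed sample paths, not taken from any real system.
    sample = [
        "/opt/app/lib/log4j-core-2.14.1.jar",
        "/opt/legacy/lib/log4j-core-2.0-beta9.jar",
        "/opt/batch/lib/log4j-core-2.12.4.jar",
        "/opt/app/lib/commons-io-2.11.0.jar",
    ]
    for version, verdict in scan(sample):
        print(f"log4j-core {version}: {verdict}")
```

Matching on file names misses copies of the library bundled inside fat or shaded jars and jars that have been renamed, so treat a clean result as a first pass only.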

On post-compromise exploitation, “Microsoft has observed activities including installing coin miners, Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems,” the company said.


Comments

  • 15 Dec 2021 11:52 AM | Anonymous member (Administrator)
    Updated article with Rapid7, Microsoft, and Bitdefender links.
    (Courtesy of Boston Properties and RE-ISAC)
  • 20 Dec 2021 6:34 PM | Anonymous member (Administrator)
    Updated article to reflect news as of 20 Dec 2021 6:00 PM PST
© Copyright 2023 Real Estate Cyber Consortium Inc.™ All Rights Reserved. Real Estate Cyber Consortium (RECC) is a 501(c)6 non-profit organization.  Privacy Policy and Terms of Use.