Home » Technology » Microsoft » Microsoft Warns Of Critical Vulnerability Log4J2

Microsoft Warns Of Critical Vulnerability Log4J2


Microsoft warns against the exploitation of the discovered Log4j2 security hole, which is currently being exploited by state-sponsored hackers. In a blog post on the problem, the group warns that the vulnerability will be more dangerous than SolarWinds.

For a few days now, there has been great excitement surrounding the discovered security vulnerability CVE-2021-44228, also known as Log4j2. Now Microsoft speaks up again and lets its Microsoft 365 Defender Threat Intelligence Team explain why there are fears of terrible things if hesitant action is now taken to remedy the vulnerability.

State hackers finding gateways

Microsoft expects state-sanctioned attacks from countries like Iran, North Korea, Turkey, and China to use increasingly sophisticated techniques to exploit the widespread Java-based Log4j2 protocol. The hackers try to gain remote access to compromised devices. The security experts have tracked down threats that take advantage of CVE-2021-44228: The majority of the attacks observed by Microsoft are related to mass scans by attackers who try to uncover vulnerable systems.

The US Agency for Cybersecurity and Infrastructure Security (CISA), which has also documented widespread use of the Log4Shell exploit, confirms Microsoft’s fears that this vulnerability will become a bigger problem than SolarWinds was developing at the time.

Apache Log4j2 is one of the most popular Java logging libraries currently in use. According to Microsoft, this is also one of the biggest problems – the number of products based on it is huge. In addition – and this is the second big problem – the vulnerability is easy to exploit. Cybercriminals can’t do anything better, they have an almost endless potential of victims. Therefore, according to Microsoft, companies are encouraged to apply patches faster. Because you can already register an increase in hacking efforts to exploit Log4j, and that at exponential rates. According to a recent report from Check Point, there have been over 800,000 attacks exploiting the Log4j2 bug in the past six days.