Apache Log4j (Log4Shell) Vulnerability 

What happened?

On December 9, 2021, public information began to circulate about a critical zero-day vulnerability that has put a vast number of services and systems at risk. Named Log4j (or Log4Shell), this open-source vulnerability has presented many dire challenges for security teams, as it affects several widely used enterprise applications and cloud services. This includes Apache Struts, Apache Solr, Apache Druid, Apache Dubbo, Elasticsearch, and VMware vCenter.

How is the situation evolving?

It is highly recommended that all customers apply vendor patches as they become available. Log4j version 2 is now public and ready for user update. Several independent sources have published potential temporary mitigation measures that involve changing configuration files.

Featured articles

Are Endpoints at Risk for Log4Shell Attacks? 

The Log4j story, and how it has impacted our customers 

How can Trend Micro help?
Trend Micro Research, along with the cybersecurity community, is actively analyzing the Log4j vulnerability. Take advantage of our scanning tool to identify compromised server applications. Take advantage of our comprehensive vulnerability assessment tool that can help users check if they are running applications that have a vulnerable version of Log4j.

Webinar: Log4j Vulnerability

What to Know and What to Do

Learn how to recognize the indicators of compromise (IoC) for this attack and what to do if your organization has been impacted.

Product Demo: Log4j Vulnerability

How to Discover, Detect, and Protect

Learn how our products enable discovery, detection, and protection for Log4shell in this 3-minute demo.

 Explore how Trend Micro solutions help you detect and respond rapidly to threats that may breach your defenses.

Expand your view of your attack surface with Trend Micro Vision One. Gain broader visibility into threats and deploy XDR sensors to detect malicious or anomalous activities on monitored endpoints and servers.

60-day free trial of Trend Micro Vision One™: Threat defense platform

If you have server workloads, try virtual patching for the Log4j vulnerability via our 30-day free trial and always-free tiers of Trend Micro Cloud One™: All-in-one cloud security platform

Get in touch with our experts