- Apache Log4j (Log4Shell) Vulnerability
Apache Log4j (Log4Shell) Vulnerability
What happened?
On December 9, 2021, public information began to circulate about a critical zero-day vulnerability that has put a vast number of services and systems at risk. Named Log4j (or Log4Shell), this open-source vulnerability has presented many dire challenges for security teams, as it affects several widely used enterprise applications and cloud services. This includes Apache Struts, Apache Solr, Apache Druid, Apache Dubbo, Elasticsearch, and VMware vCenter.
How is the situation evolving?
It is highly recommended that all customers apply vendor patches as they become available. Log4j version 2 is now public and ready for user update. Several independent sources have published potential temporary mitigation measures that involve changing configuration files.
Featured articles
Are Endpoints at Risk for Log4Shell Attacks?
The Log4j story, and how it has impacted our customers
How can Trend Micro help?
Trend Micro Research, along with the cybersecurity community, is actively analyzing the Log4j vulnerability. Take advantage of our scanning tool to identify compromised server applications. Take advantage of our comprehensive vulnerability assessment tool that can help users check if they are running applications that have a vulnerable version of Log4j.
Are you a target?
Quickly identify endpoints and server applications that may have Log4j.
Customers
Check for the latest updates to our products during this evolving situation.
Webinar: Log4j Vulnerability
What to Know and What to Do
Learn how to recognize the indicators of compromise (IoC) for this attack and what to do if your organization has been impacted.
Product Demo: Log4j Vulnerability
How to Discover, Detect, and Protect
Learn how our products enable discovery, detection, and protection for Log4shell in this 3-minute demo.
Explore how Trend Micro solutions help you detect and respond rapidly to threats that may breach your defenses.
Expand your view of your attack surface with Trend Micro Vision One. Gain broader visibility into threats and deploy XDR sensors to detect malicious or anomalous activities on monitored endpoints and servers.
60-day free trial of Trend Micro Vision One™: Threat defense platform
If you have server workloads, try virtual patching for the Log4j vulnerability via our 30-day free trial and always-free tiers of Trend Micro Cloud One™: All-in-one cloud security platform
Get in touch with our experts